 "Why using Wi-Fi at airport or railway station is 'risky'")
When you visit an airport or railway station next time remember that browsing internet using the public Wi-Fi hotspot or wireless internet networks may leave you vulnerable for cyber attacks.
The government agency Indian Computer Emergency Response Team (CERT-in) has rated the vulnerability quotient of public Wi-Fi in the country at 'high'. It warned public against using public Wi-Fi and suggested VPN (virtual private network) and wired networks instead.
"Successful exploitation of these vulnerabilities allows an attacker to obtain sensitive information such as credit card numbers, passwords, chat messages, emails etc," CERT-in said.
The agency's statement comes after Mathy Vanhoef, a security expert at Belgian university KU Leuven, recently discovered the weakness in the wireless security protocol WPA2, and published details of the flaw.
WPA2 is a protocol that secures all modern protected Wi-Fi networks.
What does Vanhoef's report say?
1. An attacker within the range of a victim can exploit the weaknesses in WPA-2 using key reinstallation attacks (KRACKs) to read information that was previously assumed to be safely encrypted.
2. Information such as credit card numbers, passwords, chat messages, emails, and photos can be stolen.
3. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.
4. Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.
How does it work?
In this novel attack technique, an already-in-use key is re-installed, and then the key is reset which allows the encryption protocol to be attacked.
When a machine like a laptop or smartphone connects to a Wi-fi network, the two gadgets carry out a four-way handshake (network authentication protocol). For example: The process involves confirming that the user's phone has the right password to connect to the network. It reinstalls an already-in-use key, which then resets the key and allows the encryption protocol to be attacked
What should you do to protect your device from cyber attack?
To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected, the report says.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%