\n
The nodal agency for responding to computer security incidents in India has rated the vulnerability quotient of public Wi-Fi in the country at 'high'. \"Successful exploitation of these vulnerabilities allows an attacker to obtain sensitive information such as credit card numbers, passwords, chat messages, emails etc,\" CERT-in<\/a> said. The Indian agency has suggested that users avoid public Wi-Fi at all costs and instead use VPN<\/a> (virtual private network) and wired networks.
\n
\nThe note follows an international research that highlighted the vulnerability in WPA or WPA2 encryption that is most commonly used to connect to wireless networks. Researchers led by Mathy Vanhoef found that devices based on Android, iOS, Linux, macOS and Windows were among those vulnerable. They called this type of attack a key reinstallation attack, or KRACK.
\n
\nThis attack works by abusing design or implementation flaws in the WPA2 protocol of Wi-Fi standard, or what is known as the four-way handshake (network authentication protocol) to reinstall an already-in-use key, which then resets the key and allows the encryption protocol to be attacked, said a note by Kaspersky Labs, a data security firm. Researchers tested this loophole with an attack and wrote about it in a blog on early this week. They found that the attack \"works against all modern protected Wi-Fi networks\" and \"41% of all Android devices\".
\n
\n\"This is very serious. Every Wi-Fi network is at risk,\" said Ram Swaroop, founder, CyberSecurityWorks, a Chennai-based security company. \"It works when the attacker is within the range of the Wi-Fi device, taking advantage of a flaw in the handshake between the device and the router,\" he said.
\n
\n\"Using this vulnerability, a hacker can get unauthorised connection to the wireless network. They can capture every other system on the network and see what they are browsing. They can also disguise themselves as one of the users and take advantage,\" said Vinod Senthil, founder, InfySec. Experts said changing the Wi-Fi password will not prevent or mitigate this attack. They suggested using LAN till the vulnerability is addressed.
\n
\nSwaroop of CybersSecurityWorks cautions against using any free Wi-Fi at airports and hotels. \"At home, disable broadcast of your SSID. This way no attacker can see your WiFi device. Only you and your family members know of this and can enter it into your endpoints. Check who your router manufacturer is and check for updates on their website and update your router,\" he said.
\n
\nTechnology companies are starting to respond. On Wednesday, Microsoft issued an update that addresses the vulnerability. Others like Google and Apple are expected to issue patches soon.\n\n<\/body>","next_sibling":[{"msid":61140367,"title":"Feature phone one of the most gifted items this Diwali","entity_type":"ARTICLE","link":"\/news\/feature-phone-one-of-the-most-gifted-items-this-diwali\/61140367","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[],"msid":61148357,"entity_type":"ARTICLE","title":"Airport, railway Wi-Fi hotspots for cyber attacks, warns government agency","synopsis":"\"Successful exploitation of these vulnerabilities allows an attacker to obtain sensitive information such as credit card numbers, passwords, emails etc,\" CERT-in said.","titleseo":"telecomnews\/airport-railway-wi-fi-hotspots-for-cyber-attacks-warns-government-agency","status":"ACTIVE","authors":[{"author_name":"Ranjani Ayyar","author_link":"\/author\/479241722\/ranjani-ayyar","author_image":"https:\/\/etimg.etb2bimg.com\/authorthumb\/479241722.cms?width=100&height=100&hostid=268","author_additional":{"thumbsize":false,"msid":479241722,"author_name":"Ranjani Ayyar","author_seo_name":"Ranjani-Ayyar","designation":"Correspondent","agency":false}}],"Alttitle":{"minfo":""},"artag":"TNN","artdate":"2017-10-20 08:00:41","lastupd":"2017-10-20 08:06:47","breadcrumbTags":["cyber attacks","Wi-Fi hotspots","CERT-In","VPN","Railway","Internet","airport"],"secinfo":{"seolocation":"telecomnews\/airport-railway-wi-fi-hotspots-for-cyber-attacks-warns-government-agency"}}" data-authors="[" ranjani ayyar"]" data-category-name="" data-category_id="" data-date="2017-10-20" data-index="article_1">
钦奈:浏览互联网使用公共无线计算机网络铁路车站和机场可能会让你容易网络攻击印度政府机构计算机紧急响应小组(、)已经警告说。
节点机构应对计算机安全事件在印度的脆弱性指数评价公共wi - fi的“高”。“成功利用这些漏洞允许攻击者获取敏感信息,比如信用卡号码、密码、聊天消息、邮件等,“、说。印度代理已建议用户不惜一切代价避免公共wi - fi,而是使用VPN(虚拟专用网络)和有线网络。
注意遵循国际研究,强调了在WPA或WPA2加密漏洞是最常用的连接到无线网络。研究数学Vanhoef发现设备基于Android, iOS, Linux, macOS和窗户都脆弱。他们称这种类型的攻击一个关键重新安装攻击,或布莱恩。
这种攻击是通过滥用设计或实现的缺陷WPA2 wi - fi标准的协议,或者被称为四握手(网络身份验证协议)来重新安装一个已经在使用的密钥,然后重置并允许加密的密钥协议攻击,表示注意到卡巴斯基实验室,数据安全公司。研究人员测试了这个漏洞攻击和写它在本周早些时候在一篇博客。他们发现攻击违背“所有现代保护无线网络”和“41%的Android设备”。
“这是非常严重的。每一个wi - fi网络风险,”创始人Ram Swaroop说,CyberSecurityWorks常驻安全公司。“它当攻击者wi - fi设备的范围内,利用一个缺陷在设备和路由器之间的握手,”他说。
“利用这个漏洞,黑客可以未经授权的无线网络连接。他们可以捕捉每一个网络上的其他系统,看看他们浏览。他们也可以把自己伪装成一个用户和利用,“创始人Vinod Senthil说,InfySec。专家说改变无线密码不会阻止或减轻这种攻击。他们建议使用局域网到漏洞解决。
Swaroop CybersSecurityWorks警告反对使用任何免费wi - fi在机场和酒店。“在家里,禁用广播你的SSID。这种方式没有攻击者可以看到您的无线设备。只有你和你的家人知道,可以输入到您的端点。检查你的路由器制造商是谁,检查更新他们的网站和更新你的路由器,”他说。
科技公司也开始回应。周三,微软发布了一个更新,解决了脆弱性。其他类似谷歌和苹果预计很快发布补丁。
节点机构应对计算机安全事件在印度的脆弱性指数评价公共wi - fi的“高”。“成功利用这些漏洞允许攻击者获取敏感信息,比如信用卡号码、密码、聊天消息、邮件等,“、说。印度代理已建议用户不惜一切代价避免公共wi - fi,而是使用VPN(虚拟专用网络)和有线网络。
注意遵循国际研究,强调了在WPA或WPA2加密漏洞是最常用的连接到无线网络。研究数学Vanhoef发现设备基于Android, iOS, Linux, macOS和窗户都脆弱。他们称这种类型的攻击一个关键重新安装攻击,或布莱恩。
这种攻击是通过滥用设计或实现的缺陷WPA2 wi - fi标准的协议,或者被称为四握手(网络身份验证协议)来重新安装一个已经在使用的密钥,然后重置并允许加密的密钥协议攻击,表示注意到卡巴斯基实验室,数据安全公司。研究人员测试了这个漏洞攻击和写它在本周早些时候在一篇博客。他们发现攻击违背“所有现代保护无线网络”和“41%的Android设备”。
“这是非常严重的。每一个wi - fi网络风险,”创始人Ram Swaroop说,CyberSecurityWorks常驻安全公司。“它当攻击者wi - fi设备的范围内,利用一个缺陷在设备和路由器之间的握手,”他说。
“利用这个漏洞,黑客可以未经授权的无线网络连接。他们可以捕捉每一个网络上的其他系统,看看他们浏览。他们也可以把自己伪装成一个用户和利用,“创始人Vinod Senthil说,InfySec。专家说改变无线密码不会阻止或减轻这种攻击。他们建议使用局域网到漏洞解决。
Swaroop CybersSecurityWorks警告反对使用任何免费wi - fi在机场和酒店。“在家里,禁用广播你的SSID。这种方式没有攻击者可以看到您的无线设备。只有你和你的家人知道,可以输入到您的端点。检查你的路由器制造商是谁,检查更新他们的网站和更新你的路由器,”他说。
科技公司也开始回应。周三,微软发布了一个更新,解决了脆弱性。其他类似谷歌和苹果预计很快发布补丁。
评论
现在评论 阅读评论(1)所有评论
找到这个评论进攻?
下面选择你的理由并单击submit按钮。这将提醒我们的版主采取行动