TechNewsPro_Masthead_2.jpg

The latest in NEWS, RESOURCES and JOBS

Lower the TCO of your legacy data wareho
Talend_Banner_728x90px_v1.jpg
  • Sahriar Shuvo - Tech Journalist

Widespread flaws in Wi-Fi Security: New set of vulnerabilities may expose data of millions

We are no strangers to the vulnerabilities of Wi-Fi and overall networking infrastructure. We can see safe browsing signs everywhere in decent public Wi-Fi hotspots. But when it's personal, is there any matter of concern? If you’re careful then mostly no! Even then sometimes an interested third party wants one simple loophole to get into your system. So even without being unsecure, there is a chance. And a recent discovery proved it once again. The latest finding tells us, maybe millions are compromised by an embedded flaw in the Wi-Fi security system and it is ongoing for the past two decades.



This time around vulnerabilities was found via smart home devices connected with Wi-Fi. Smart devices work with a control system, sometimes they are automated and most of the time it requires some type of command from the user to function. Hackers exploited the same mechanism but instead of connecting, they are mining sensitive information. When a device tries to connect with a network, it sends packets of data to verify the host. The host receives a request and accepts the prompt. Data gets intercepted between the two network devices.

The same procedure went down but with a slight twist. Hackers are using it to gain control over smart devices and steal vulnerable data. Belgian Mathy Vanhoef is a renowned IT researcher and specialist who studies CSP (Cybersecurity & Privacy). It was him who first glimpsed at this specific vulnerability related to Wi-Fi security. His discovery was named KRACK. It is short for Key Reinstallation Attack. KRACK is discovered while Vanhoef was going through wi-fi vulnerabilities and it became a priority. KRACK can easily bypass security and help attackers steal data, private chats, login credentials and even credit card information. And the user would have nothing to do with it as they will have no idea what’s going on. This attack stays like a leech and the hacker listens for device data as long as something interesting pops up.


According to a report covered by a IT publication these “Frag Attacks” currently is lacking sort of evidence to publish in diagrams. Wi-Fi Protected Access 3 (WPA3) and WPA2 both are vulnerable to KRACKs. Sending in ransomware, or malware can also be injected via an attack. Depending on the network configuration, much more can be done unless the user changes configuration. Usually updating drivers to the latest one can fix the problem on a network but most of the time it is not enough. MAC filtering is one of the effective solutions. Only filter the addresses specified by the user of all the device connected like smartphones and smart home devices.


Frag Attacks can come in the form of simple mail. The mail will be attached with an image file but it will just allocate space instead of showing the image. Once a user clicks on the file, their network route and directory IP’s will be sent back to a remote host or the attacker. At that session, every keystroke put on any login field can be tracked by a hacker. Which will later be used without the user’s concern. Attackers send mass files using the method. So, there are many vulnerabilities. It is why we can find many user information, location, IP, email, credit card information, emails and accounts with paid subscriptions sold on many third-party platforms and the dark web. We thought only WPA2 had this flaw in its system but turns out, WPA3 also has this security vulnerability. Many levels of security came with Wi-Fi protection. And Being the lasted one and vulnerable is a matter of concern. As technology is evolving, it’s getting easier to find loopholes. KRACK being a ranged attack, a small caution may go long way. It is to care for a connection that is close to the host and monitor what kind of data it requires to function.

Element_300x600_June_2.jpg

LATEST RESOURCES

 

 

Parting the clouds. 

for greater security

Covid-19 has landed CSOs a unique opportunity to embrace web isolation.

Eliminate malware threats with zero trust 

Isolation-powered security provides full protection against email and Web based threats.

7 Customer Service Mistakes Companies Should Avoid Making

2020 was a tumultuous year but it did bring customer service back to the forefront of the business planning agenda for 2021. As you plan and prioritise your initiatives, it is important to avoid mistakes.

Integrating Compliance into Innovation: Taking Control Over Customer Communications

Compliance is one of those areas that is better off unnoticed. When compliance does get attention, it is usually because something has gone wrong and that is something that keeps executives up at night. It is easy to see why. 

Artificial Intelligence Based COVID Signature

Detection Software

The software takes the X-Rays and CT scans in digital format and analyses the X-Ray reports through uploading the images which is followed by detailed report about the patient suffering from COVID19 or similar ailments.

Six Steps to Drive Your

Process Center of Excellence to Success

Find out why yo need a center of excellence - and how save you time and money while improving experiences for both your customers and employees. 

Steps to Deliver Data You Can trust at the Speed of Business

Why trusted data is the key to digital transformation. Discover and cleanse your data. 

Organise data you can trust and empower people

Automate your data pipelines and enable data access.

2021 Threat Report 

Four Key Trends in the Cyber-Threat Landscape.

The security implications of remote working, SaaS takeover, rise of fearware, server side attacks, ransomware and Darktrace immune system.

Safe, inclusive communications for the University of Innsbruck

The open matrix is the foundation for secure, collaborative academic research and learning. Keen to support its learning culture, the university wanted to introduce a real time messaging system. 

Darktrace_Logo_Main.png
Element_Logo.jpg
eGain_logo.jpg
talend_Logo.png
MenloSecurity_Signature_Purple_RGB.jpg
MenloSecurity_Signature_Purple_RGB.jpg
nintex_logo.png
GMC_Software_Logo.jpg

    SUBSCRIBE

to our latest RESOURCES

to keep up to date with the

latest whitepapers

WP_GMC_Cover.jpg
WP_bold360_Cover.jpg