WiFi Hotspots at Airports, Railway Stations at ‘High’ Risk of Cyber Attacks, Warns Government Agency
New Delhi, Oct 20: Public WiFi hotspot or wireless internet networks installed at airports and railway stations are at risk of cyber attack, government agency Indian Computer Emergency Response Team (CERT-in) has warned. According to the CERT-in, the vulnerability quotient of public WiFi is at ‘high’. The warning has been issued after an international research that highlighted the vulnerability in WPA or WPA2 encryption that is most commonly used to connect to wireless networks. The researchers suggested using LAN till the vulnerability is addressed.
“Successful exploitation of these vulnerabilities allows an attacker to obtain sensitive information such as credit card numbers, passwords, chat messages, emails etc,” CERT-in reportedly said. The nodal agency advised people to avoid public WiFi at all costs and instead use VPN (virtual private network) and wired networks. According to researchers, users of Android, iOS, Linux, macOS and Windows devices were among those who were vulnerable to cyber attacks such as key reinstallation attack or KRACK.
According to a note by Kaspersky Labs, a data security firm, the KRACK works by abusing design or implementation flaws in the WPA2 protocol of Wi-Fi standard, or what is known as the four-way handshake (network authentication protocol) to reinstall an already-in-use key. It then resets the key and allows the encryption protocol to be attacked. to test this loophole, researchers launched an attack and found that all modern protected Wi-Fi networks are vulnerable to this.
“This is very serious. Every Wi-Fi network is at risk. It works when the attacker is within the range of the Wi-Fi device, taking advantage of a flaw in the handshake between the device and the router,” Ram Swaroop, founder, CyberSecurityWorks, a Chennai-based security company, was quoted as saying. Vinod Senthil, founder, InfySec, expressed similar views and said that hackers can capture every other system on the network and see what they are browsing using this vulnerability.
To address the vulnerability, the Microsoft has issued an update on Wednesday. Google and Apple are expected to issue patches soo.