Today’s post originated from: forbes.com.
The internet of things is like a many-headed snake. There are so many different parties involved: so many users, so many service providers, so many different companies manufacturing these smart devices that we can’t seem to get over. The decentralized outlook is what makes this technology so awesome, but it also makes it highly difficult to tame. When a piece of software has a bug, the developer issues a patch.
The vulnerability, dubbed KRACK, or Key Reinstallation Attack, works in a simple way. WPA2-PSK, the most widely used protocol for securing devices and routers connected to a Wi-Fi network, had a glaring flaw. This flaw lets a third-party hacker trick their way into a device as it connects to a Wi-Fi network using a password, and then access and modify all information available to that device without even being on the network. By interfering with the authorization process that allows a device to connect to a closed Wi-Fi network, the hacker can intercept traffic, access stored data and even modify information accessed by the device at the time. So this hacker could tell which websites you like to visit, play that video from your friend’s wedding last month or even infect your device with unknown malware to cause further damage. Just to be clear, this vulnerability affects any and all devices that can connect to Wi-Fi networks, regardless of which software they are running.
“The KRACK vulnerability presents itself as a serious threat, especially to end users who own internet of things technology in their homes. While enterprises can secure users with such services as mobile VPN, SD-WAN, and IPS, most IOT devices lack the muscle to run a mobile VPN and consumers don’t generally run SD-WAN or IPSes in their homes.” – Shlomo Kramer, CEO and Co-Founder of Cato Networks