WEBVTT - Release the KRACKen

0:00:03.720 --> 0:00:06.040
<v Speaker 1>When you set up a Wi-Fi network, you should

0:00:06.080 --> 0:00:09.440
<v Speaker 1>always create a unique admin and password to protect it,

0:00:09.760 --> 0:00:13.280
<v Speaker 1>and you should also know that that doesn't really matter

0:00:13.320 --> 0:00:17.919
<v Speaker 1>anymore for now. I'm Jonathan Strickland, and this is

0:00:17.920 --> 0:00:24.200
<v Speaker 1>TechStuff Daily. If you've ever used a Wi-Fi network

0:00:24.239 --> 0:00:27.480
<v Speaker 1>with security settings, you're likely relying upon a protocol called

0:00:27.680 --> 0:00:31.840
<v Speaker 1>WPA2. It stands for Wi-Fi Protected Access

0:00:32.000 --> 0:00:35.640
<v Speaker 1>and it's a security certification program that's supposed to allow

0:00:35.760 --> 0:00:40.280
<v Speaker 1>for secure communication between devices and the Internet. Only now,

0:00:40.440 --> 0:00:43.559
<v Speaker 1>there's a workaround that makes WPA2 about

0:00:43.640 --> 0:00:46.520
<v Speaker 1>as safe as a vault door made of tissue paper.

0:00:47.400 --> 0:00:50.520
<v Speaker 1>Some researchers uncovered the security flaw and wrote a paper

0:00:50.560 --> 0:00:54.840
<v Speaker 1>about it, publishing that paper in October. The flaw means

0:00:54.920 --> 0:00:58.680
<v Speaker 1>that devices running on Android, Linux, OpenBSD, and a

0:00:58.680 --> 0:01:01.880
<v Speaker 1>few other operating systems may send information to something that

0:01:01.960 --> 0:01:06.000
<v Speaker 1>appears to be a specific Wi-Fi access point, but in

0:01:06.080 --> 0:01:10.640
<v Speaker 1>fact is a malicious clone. Some operating systems, like iOS

0:01:10.680 --> 0:01:14.160
<v Speaker 1>and Windows are immune against certain implementations, but are still

0:01:14.240 --> 0:01:18.520
<v Speaker 1>vulnerable to others. Here's what's going on. The attacker runs

0:01:18.640 --> 0:01:23.880
<v Speaker 1>special software called key reinstallation attacks, or KRACKs,

0:01:24.080 --> 0:01:28.200
<v Speaker 1>K-R-A-C-K-S. The KRACK will allow the attacker

0:01:28.240 --> 0:01:31.640
<v Speaker 1>to clone the network, fooling certain electronics into connecting with

0:01:31.680 --> 0:01:35.319
<v Speaker 1>the malicious clone rather than the legitimate network. It does

0:01:35.360 --> 0:01:38.440
<v Speaker 1>this by interrupting a process called the four-way handshake.

0:01:38.880 --> 0:01:41.039
<v Speaker 1>This is a process through which a device and a

0:01:41.120 --> 0:01:45.040
<v Speaker 1>network verify that they are having legitimate communication with each other.

0:01:45.440 --> 0:01:50.040
<v Speaker 1>The KRACK technique manipulates and then replays this cryptographic handshake message,

0:01:50.280 --> 0:01:55.240
<v Speaker 1>resetting the device's encryption process and intercepting all communication between

0:01:55.280 --> 0:01:57.880
<v Speaker 1>that device and the network. This is a type of

0:01:57.920 --> 0:02:02.560
<v Speaker 1>attack known as a man-in-the-middle attack. Worse

0:02:02.600 --> 0:02:05.320
<v Speaker 1>than that, the clone network will be able to decrypt

0:02:05.400 --> 0:02:08.560
<v Speaker 1>communications sent through it. Pairing this with some other well

0:02:08.600 --> 0:02:12.120
<v Speaker 1>known hacker software, such as SSLstrip, allows

0:02:12.160 --> 0:02:16.519
<v Speaker 1>the cloned network to downgrade traffic to the HTTP protocol

0:02:16.680 --> 0:02:20.320
<v Speaker 1>instead of HTTPS. You may have

0:02:20.360 --> 0:02:22.239
<v Speaker 1>been told to keep an eye on the address bar

0:02:22.320 --> 0:02:24.960
<v Speaker 1>of your browser to verify the presence of that little

0:02:25.200 --> 0:02:29.040
<v Speaker 1>lock symbol next to the HTTPS. This tells you that

0:02:29.080 --> 0:02:32.000
<v Speaker 1>you've got a secure connection to that particular web page.

0:02:32.600 --> 0:02:36.440
<v Speaker 1>SSLstrip pushes traffic to an HTTP protocol,

0:02:36.680 --> 0:02:40.800
<v Speaker 1>removing that extra level of security. However, this is reflected

0:02:40.800 --> 0:02:42.920
<v Speaker 1>in the address bar, so if you're paying attention, you

0:02:42.960 --> 0:02:46.240
<v Speaker 1>may notice the problem right away. The solution to this

0:02:46.320 --> 0:02:50.880
<v Speaker 1>problem involves updating devices with security patches that remove the vulnerability.

0:02:50.960 --> 0:02:54.600
<v Speaker 1>Changing your network's login and password information doesn't help

0:02:54.639 --> 0:02:58.200
<v Speaker 1>all by itself, as this attack sidesteps those measures in

0:02:58.240 --> 0:03:01.000
<v Speaker 1>the first place. You have to download updates to your

0:03:01.080 --> 0:03:04.960
<v Speaker 1>various devices. Those updates take time to develop and roll out,

0:03:05.000 --> 0:03:06.960
<v Speaker 1>and by the time you hear this, there may still

0:03:07.000 --> 0:03:10.200
<v Speaker 1>be some devices you own that lack a patch. It's

0:03:10.200 --> 0:03:12.080
<v Speaker 1>a good idea to be careful about using Wi-Fi

0:03:12.200 --> 0:03:16.359
<v Speaker 1>networks in the meantime, particularly in public spaces. Though this

0:03:16.400 --> 0:03:19.679
<v Speaker 1>attack can turn any Wi-Fi network into a vulnerability,

0:03:19.840 --> 0:03:23.600
<v Speaker 1>even in your home network. Switching to wired connections would

0:03:23.639 --> 0:03:28.320
<v Speaker 1>also prevent any unintended communication with malicious networks. The flaw

0:03:28.400 --> 0:03:32.200
<v Speaker 1>illustrates how difficult network security can be. First, you need

0:03:32.240 --> 0:03:36.440
<v Speaker 1>a reliable system that isn't easily breached or manipulated, and

0:03:36.520 --> 0:03:40.360
<v Speaker 1>until recently, WPA2 seemed to fit the bill. Now,

0:03:40.400 --> 0:03:43.400
<v Speaker 1>it's clear that the system had some major flaws, but

0:03:43.520 --> 0:03:47.240
<v Speaker 1>let's assume that the security protocol is top-notch and

0:03:47.400 --> 0:03:50.640
<v Speaker 1>has no other known vulnerabilities. There are still plenty of

0:03:50.640 --> 0:03:54.520
<v Speaker 1>opportunities for malicious hackers to get unauthorized access to a system.

0:03:54.960 --> 0:03:58.960
<v Speaker 1>Legitimate users who choose weak login and passwords are a liability.

0:03:59.400 --> 0:04:03.560
<v Speaker 1>Humans are pretty bad at remembering complicated passwords, and so it's

0:04:03.640 --> 0:04:05.720
<v Speaker 1>natural for us to get a little lazy and come

0:04:05.800 --> 0:04:08.600
<v Speaker 1>up with passwords that aren't very tricky at all. The

0:04:08.720 --> 0:04:12.120
<v Speaker 1>truly foolish never bothered to change their access point's passwords

0:04:12.160 --> 0:04:14.720
<v Speaker 1>from the default, which means an attacker with knowledge of

0:04:14.760 --> 0:04:17.880
<v Speaker 1>the default passwords can get easy access to that network.

0:04:18.279 --> 0:04:20.760
<v Speaker 1>Others will take a minor step forward and use a

0:04:20.800 --> 0:04:25.680
<v Speaker 1>new password but rely on actual simple words. A hacker using

0:04:25.680 --> 0:04:28.279
<v Speaker 1>a brute force attack in which a machine puts forward

0:04:28.360 --> 0:04:30.640
<v Speaker 1>various words at high speeds in an attempt to find

0:04:30.640 --> 0:04:34.640
<v Speaker 1>the password, could gain access to such an account. Strong

0:04:34.760 --> 0:04:38.520
<v Speaker 1>complex passwords are more reliable, particularly if they are longer

0:04:38.560 --> 0:04:42.000
<v Speaker 1>than eight characters, but these are much more difficult to remember,

0:04:42.040 --> 0:04:45.760
<v Speaker 1>particularly if you're practicing good security etiquette and you've created

0:04:45.760 --> 0:04:48.960
<v Speaker 1>a new password for every site or service. You can

0:04:49.000 --> 0:04:52.360
<v Speaker 1>build complex passwords out of a collection of common words, and

0:04:52.440 --> 0:04:54.960
<v Speaker 1>that helps, but you still need to remember what those

0:04:55.000 --> 0:04:57.560
<v Speaker 1>passwords are and not rely on the same one or

0:04:57.920 --> 0:05:00.720
<v Speaker 1>two or three for all of your login information,

0:05:01.320 --> 0:05:03.760
<v Speaker 1>and keep in mind that the weakest point in any

0:05:03.839 --> 0:05:07.120
<v Speaker 1>security system tends to be people. There have been plenty

0:05:07.120 --> 0:05:10.080
<v Speaker 1>of systems that were breached, not through some hacker running

0:05:10.080 --> 0:05:13.039
<v Speaker 1>a slide piece of code to probe for passwords, but

0:05:13.200 --> 0:05:16.000
<v Speaker 1>rather a person just chatting with a company's employee in

0:05:16.040 --> 0:05:18.920
<v Speaker 1>an effort to get more information. The worst thing about

0:05:18.960 --> 0:05:21.000
<v Speaker 1>the WPA2 flaw is that you could be

0:05:21.000 --> 0:05:25.359
<v Speaker 1>practicing extremely healthy security habits and it doesn't even matter

0:05:25.520 --> 0:05:28.760
<v Speaker 1>because the vulnerability exists in the protocol itself. It just

0:05:28.800 --> 0:05:32.800
<v Speaker 1>doesn't seem fair. Fortunately, with some software updates, companies can

0:05:32.839 --> 0:05:35.640
<v Speaker 1>remove this possibility and you can rest easy. Just another

0:05:35.640 --> 0:05:38.920
<v Speaker 1>reason why it's always important to install those updates. That's

0:05:38.920 --> 0:05:42.440
<v Speaker 1>all for today. To learn more about hacking, security and malware,

0:05:42.720 --> 0:05:45.560
<v Speaker 1>check out TechStuff. It's my long-form podcast that

0:05:45.600 --> 0:05:48.680
<v Speaker 1>publishes on Wednesdays and Fridays and explores all topics in

0:05:48.720 --> 0:06:01.560
<v Speaker 1>the world of technology. I'll see you again soon. Eight