Too Bad for Security

Author: Shazin Sadakath


This hasn't been a good couple of weeks for Computer Security as earlier it was revealed that WPA2 has been cracked due to a flow in the protocol. If you are a Technical person you can go through the Research Paper to fully understand what the vulnerability is but in short I will explain the context.

Almost everyone who uses a Wifi Router is knowingly or unknowingly using a WPA2 key to access their router. WPA2 is the abbreviation for Wi-Fi Protected Access II, which is widely used method to protect Wifi Networks after the hacking of WEP (Wired Equivalent Privacy) in the year 2001. Basically what this means that your neighbour with sufficient computing knowledge can get access into your Wifi Network. This is a problem but not a serious problem as your Wifi Network has a limited range and attacks carried out is also limited. But turning off Wi-Fi on your phone, relying on mobile data, not ignoring HTTPS certificate warnings, and plugging into an Ethernet port instead of using Wifi might be some precautions you can take.

But things got uglier when it was revealed that a RSA library has introduced a vulnerability in security hardware produced by Infineon Technologies AG. The vulnerability is named as ROCA allows for an attacker, to perform a Coppersmith’s attack, to compute the private key with nothing more than the public key, which nullifies the purpose of Asymmetric encryption. Asymmetric encryption must ensure that Public Key and Private Key are not related by any means and Data Encryption could only be performed by the Public Key and Data Decryption can only be performed by the Private Key. 

This issue has affected keys in various domains including electronic citizen documents (Estonian identity cards), authentication tokens, trusted boot devices, software package signing, TLS/HTTPS keys and PGP.

If you are concerned you can use the online tool to check whether your keys are vulnerable or if you want to do it offline by using the ROCA detection tool available in Github.

Sad news for Computer Security and let's hope things will get better.



Tags: WPA2 RSA Crack Security
Views: 934
Register for more exciting articles

Comments

Please login or register to post a comment.


There are currently no comments.