Fraud & Identity Fraud & Identity


Fraud & Identity Featured Article

October 17, 2017

Krebs Indicates KRACK Isn't So Bad

Fraudsters and hackers are stealing our data, our dollars, and our identities. The steady stream of news on this front, quite frankly, can sometimes be exhausting.

We need to protect ourselves. But no plan is foolproof. Regularly checking your credit score is important. But, wait, now the credit score company has been compromised.

So when I heard about one of the latest vulnerabilities – the WPA2 one – my heart sank. But then I researched it a bit more, and I felt a little better.

Here’s the deal. A guy named Mathy Vanhoef has found a flaw in the WPA2 Wi-Fi protocol. It’s a weakness related to the protocol’s four-way handshake.

Vanhoef and Frank Piessens explain “the four-way handshake is vulnerable to a key reinstallation attack. Here, the adversary tricks a victim into reinstalling an already in use key. This is achieved by manipulating and replaying handshake messages.”


This kind of attack has been dubbed KRACK. And this kind of operation could allow hackers to decrypt network traffic to hijack connections and inject content into the traffic stream.

Here’s where the good news comes in.

Brian Krebs of Krebs on Security explains that KRACK attacks require bad actors to be within range of a signal between the end user’s device and the wireless access point providing it with Wi-Fi connectivity. He adds that most of your interactions, like interactions with your financial institutions, are probably already kept private using Secure Sockets Layer. And, he continues, those in the know held off on making the WPA2 vulnerability public until they alerted Wi-Fi hardware vendors of the problem and they had a change to issue security updates.

“The Computer Emergency Readiness Team has a running list of hardware vendors that are known to be affected by this, as well as links to available advisories and patches,” Kreb said.

And he quoted this statement from the Wi-Fi Alliance. “There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections.”




Edited by Mandi Nowitz

Article comments powered by Disqus






Industry Insights

(MobileID) Proactive Fraud Prevention

Interconnect-related fraud such as International Revenue Share Fraud (IRSF) and PBX hacking fraud continue to be a billion dollar problem to the telecom industry.

(Defender Shield) Defense solutions for the modern SMS ecosystem

SMS is a ubiquitous communication method for person-to-person (P2P) text messaging, which has been in use globally for nearly 20 years.

(Defender Shield) Preventing Grey Routes and the Multi-billion dollar Threat

The convenience of mobile messaging has brought communication efficiency to billions of consumers worldwide. As is often the case with widely accepted technologies; however, convenience can provide a vulnerable gateway to fraudulent activity.

Product Documents

Asset Protect

While unlimited or high-volume voice and SMS plans offer great value to subscribers, sometimes fraudsters exploit these plans to avoid paying termination and interconnect fees.

Defender Shield

In a world with ever-increasing Application-to-Person (A2P) messaging needs and competition, improving customer satisfaction and eliminating revenue leakage is key for protecting SMS profits.

MobileID

Accurate and cost-efficient routing of voice calls and SMS is critical. Unfortunately, gathering reliable routing data on ported numbers and keeping up with constant changes in number plans is expensive and time-consuming.

Fraud Solutions

Communications fraud is a $20B annual global problem and growing. Companies are looking for peace of mind so that their business and their customers are protected from the onslaught of technology crime that is damaging their reputations and their balance sheets.