Avoid public Wi-Fi: CERT-In warns

Warning follows recent computer security incidents

Avoid public Wi-Fi: CERT-In warns

India’s cyber security agency has asked people to avoid using public Wi-Fi networks following a series of computer security incidents in recent days.

The Indian Computer Emergency Response Team (CERT-In) said hackers can use “multiple vulnerabilities in Wi-Fi protected access and steal passwords and credit card information from users of public Wi-Fi networks in airports or railway stations.

“Multiple vulnerabilities are reported in Wi-Fi Protected Access II (WPA2) protocol implementations, which could be exploited by an attacker within the wireless communications range,” the CERT-In has said in its warning.

It further said the hacker could use the vulnerability to attack devices using methods like arbitrary packet decryption & injection, TCP (transmission control protocol) connection hijacking, HTTP (Hypertext Transfer Protocol) content injection, or various replay attacks.

An attacker within the wireless communications range of access point (AP) or client could exploit multiple vulnerabilities in 4-way handshake in WPA2 protocol “to manipulate the handshake traffic, to induce nonce and session key reuse, resulting in key reinstallation by a victim wireless AP or client”, the note from the CERT-In — functioning under the Ministry of Electronics and Information Technology — said. If he succeeds, the attacker could get credit card numbers, passwords, chat messages and emails.

“Using a virtual private network and wired networks are safe as it will encrypt all traffic. Avoid public Wi-Fi at all costs”, it said adding that “Use a wired network if your router and computer both have a spot to plug in an Ethernet cable.”

Following a number of security incidents in India recently, the CERT-In increased the threat level of public Wi-Fis to high.

Earlier this week, the US-CERT announced the presence of a major fault (bug) in WPA2 encryption used in Wi-Fi  log ins.

*Says major flaw in Wi-Fi security system would allow attackers to steal info

*Recommends use of Virtual Private Network or wired network

*Earlier this week, US-CERT announced the major flaw in Wi-Fi security protocol


DH Newsletter Privacy Policy Get top news in your inbox daily
Comments (+)