Following a series of computer security incidents in recent days India's cyber security agency has advised people to avoid Wi-Fi in public.
The Indian Computer Emergency Response Team (CERT-In) said hackers can use "multiple vulnerabilities in Wi-Fi protected access and steal passwords and credit card information from users of public Wi-Fi networks in airports or railway stations.
"Multiple vulnerabilities are reported in Wi-Fi Protected Access II (WPA2) protocol implementations, which could be exploited by an attacker within the wireless communications range," the CERT-In said.
The hacker could use the vulnerability to attack devices using methods such as arbitrary packet decryption and injection, transmission control protocol connection hijacking, HTTP (Hypertext Transfer Protocol) content injection, or various replay attacks, the warning further states.
An attacker within the wireless communications range of access point (AP) or client could exploit multiple vulnerabilities in 4-way handshake in WPA2 protocol "to manipulate the handshake traffic, to induce nonce and session key reuse, resulting in key reinstallation by a victim wireless AP or client", a note said.
"Using a virtual private network and wired networks are safe as it will encrypt all traffic. Avoid public Wi-Fi at all costs", it said adding that "Use a wired network if your router and computer both have a spot to plug in an Ethernet cable."
OneIndia News
