CHENNAI: Browsing internet using public wireless computer network at railway stations and airports may leave you vulnerable to cyber attacks, government agency Indian Computer Emergency Response Team (CERT-in) has warned.
The nodal agency for responding to computer security incidents in India has rated the vulnerability quotient of public Wi-Fi in the country at 'high'.
"Successful exploitation of these vulnerabilities allows an attacker to obtain sensitive information such as credit card numbers, passwords, chat messages, emails etc," CERT-in said.
The Indian agency has suggested that users avoid public Wi-Fi at all costs and instead use VPN (virtual private network) and wired networks.
The note follows an international research that highlighted the vulnerability in WPA or WPA2 encryption that is most commonly used to connect to wireless networks.
Researchers led by Mathy Vanhoef found that devices based on Android, iOS, Linux, macOS and Windows were among those vulnerable. They called this type of attack a key reinstallation attack, or KRACK"Using this vulnerability, a hacker can get unauthorised connection to the wireless network. They can capture every other system on the network and see what they are browsing.
They can also disguise themselves as one of the users and take advantage," said Vinod Senthil, founder, InfySec. Experts said changing the Wi-Fi password will not prevent or mitigate this attack. They suggested using LAN till the vulnerability is addressed..
Cautions:
*Avoid public Wi-Fi at all costs and instead use VPN (virtual private network) and wired networks, advised govt agency
*This follows an international research that highlighted the vulnerability in WPA or WPA2 encryption
*Microsoft has issued an update that addresses the vulnerability, Google and Apple expected to issue patches soon
