Avoid KRACK and ROCA against Hotspots with VPN

One of the main benefits of VPN from vpswala.org is securing data and important credentials from eavesdropping by third parties or criminals when we connect to Wi-Fi hotspots or free Wi-Fi. Wi-Fi service providers have tried to secure their users with encryption. But in the final quarter of 2017, some security threats could penetrate encryption security. The first threat that deserves attention is KRACK (Key Reinstallation Attack). Data transmitted through all Wi-Fi wireless devices that use WPA2 security is vulnerable to leakage when exploited with certain techniques. The vulnerable network configurations are WPA1 and WPA2, both PSK (Personal) and Enterprise. This applies to all ciphers (WPA-TKIP, AES-CCMP, and GCMP). All Wi-Fi that uses WPA2 protection can be exploited and used to steal sensitive information such as account credentials, credit cards, e-mail, and important files.

This threat is very serious because all operating systems and Wi-Fi devices in the world can be exploited. Unlike malware threats that usually target the biggest victims of the Windows operating system, this time the two operating systems that have the highest risk of this vulnerability are Android 6.0 and Linux. But on the contrary, the use of a VPN server that is wrong can also result in less optimal information searches performed. Google usually provides search results based on the user’s geographical location and gets them from the user’s IP. The second threat that also threatens wireless networks is known as the ROCA (Return of Coppersmith Attack) which occurs because of a vulnerability in implementing RSA encryption key security on the Infineon TPM (Trusted Platform Module). Infineon TPM is a special chip designed to secure hardware by integrating cryptographic keys on devices and used to secure cryptographic processes.

For information, TPM Infineon is used by billions of devices in the world. Microsoft, Google, HP, Lenovo, and Fujitsu are some of the major vendors that use Infineon TPM and take immediate action to make patches to close this security gap.