Wi-Fi networks around the world ‘at risk’ from hackers thanks to newly discovered flaw
The flaw – known as Krack – uses a vulnerability in the WPA2 protocol that is standard in most modern Wi-Fi routers.
Every Wi-Fi connection around the world could be at risk because of a new vulnerability that could allow hackers to access sensitive data, security researchers have claimed.
The flaw, know as Krack, uses a weakness in the WPA2 protocol, which is used to secure all modern Wi-Fi systems.
The researchers say that in theory, the weakness could be used by hackers within range of a Wi-Fi network to access and read information previously assumed to be encrypted.
Here it is. WPA2 is owned.
— ⚡️ Owen Williams (@ow) October 16, 2017
It could also be used to inject viruses such as malware or ransomware into websites.
Mathy Vanhoef, from the research team at Belgian university KU Leuven, said: “The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations.
“Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected.”
The flaw relates specifically to digital “handshakes” made between devices and Wi-Fi routers when they connect, which secure data that travels between that connection.
But the Belgian team has found a way to break into this connection, which could enable hackers to access the encrypted data travelling within it. This could include passwords, credit card details and messages sent over the Wi-Fi network.
— Rene Ritchie (@reneritchie) October 16, 2017
The researchers said changing Wi-Fi passwords would not fix the problem, and software from technology giants such as Apple, Google and Microsoft are all susceptible to some version of the vulnerability – though it can be fixed through software and firmware updates.
The attack can also not be carried out remotely, with hackers required to be in range of the network in order to attempt a breach.
Industry body the Wi-Fi Alliance said it was already working with providers to issue software updates to patch the flaw.
The firm said in a statement: “This issue can be resolved through straightforward software updates and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users.
“Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.
“There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections.”
Wi-Fi Alliance October 2017 security update: https://t.co/uybbUEignZ
— Wi-Fi Alliance (@WiFiAlliance) October 16, 2017
They added: “Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member.
“Wi-Fi Alliance is also broadly communicating details on this vulnerability and remedies to device vendors and encouraging them to work with their solution providers to rapidly integrate any necessary patches.
“As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.”
Technology giant Microsoft confirmed it had already released a security update, a company spokeswoman telling the Press Association: “Customers who apply the update, or have automatic updates enabled, will be protected.
“We continue to encourage customers to turn on automatic updates to help ensure they are protected.”
The Wi-Fi Alliance also thanked the KU Leuven research team for “discovering and responsibly reporting” the Krack flaw, which it said enabled the industry to prepare security updates.