Oct 16, 2017

Wi-Fi exploit puts nearly everyone at risk

Internet users browse online in Hong Kong. Photo: Kin Cheung / AP

Your Wi-Fi may no longer be as secure as you thought. Researchers Monday morning revealed a breach that takes advantage of Wi-Fi vulnerabilities to allow hackers to see traffic between computers and wireless hubs, notably in the popular WPA2 security scheme, ArsTechnica reports. The hacker must be close to the Wi-Fi network to execute the hack, per IBTimes.

Why it matters: The WEP scheme has previously been hacked, and this is another reminder that Wi-Fi isn't always going to be secure. As Lee Munson, Security Researcher at Comparitech.com emails, "The WPA2 encryption algorithm, which was thought to be rock solid, is so widespread in its use that its cracking potentially puts everyone at risk."

  • Precautions to take: "Users are advised to look out for the padlock symbol in their browser, or the addition of the letter 's' on the end of the http part of a web address, before sharing personal or financial information," Munson said. ArsTechnica's Dan Goodin writes, "people should avoid using Wi-Fi whenever possible until a patch or mitigation is in place…As a fall-back users should consider using a virtual private network as an added safety measure."
  • How it's happening: There's a four-way handshake that establishes a key for securing traffic, but the third step allows the key to be resent multiple times, which allows encryption to be undermined, according to a researcher briefed on the vulnerability. The researchers, the United States Computer Emergency Readiness Team and KU Leuven, report this breach, called KRACK (Key Reinstallation Attacks) could allow connection hijacking and malicious code injection.
Go deeper