Oct 16, 2017

Wi-Fi exploit puts nearly everyone at risk

Internet users browse online in Hong Kong. Photo: Kin Cheung / AP

Your Wi-Fi may no longer be as secure as you thought. Researchers Monday morning revealed a breach that takes advantage of Wi-Fi vulnerabilities to allow hackers to see traffic between computers and wireless hubs, notably in the popular WPA2 security scheme, ArsTechnica reports. The hacker must be close to the Wi-Fi network to execute the hack, per IBTimes.

Why it matters: The WEP scheme has previously been hacked, and this is another reminder that Wi-Fi isn't always going to be secure. As Lee Munson, Security Researcher at Comparitech.com emails, "The WPA2 encryption algorithm, which was thought to be rock solid, is so widespread in its use that its cracking potentially puts everyone at risk."

  • Precautions to take: "Users are advised to look out for the padlock symbol in their browser, or the addition of the letter 's' on the end of the http part of a web address, before sharing personal or financial information," Munson said. ArsTechnica's Dan Goodin writes, "people should avoid using Wi-Fi whenever possible until a patch or mitigation is in place…As a fall-back users should consider using a virtual private network as an added safety measure."
  • How it's happening: There's a four-way handshake that establishes a key for securing traffic, but the third step allows the key to be resent multiple times, which allows encryption to be undermined, according to a researcher briefed on the vulnerability. The researchers, the United States Computer Emergency Readiness Team and KU Leuven, report this breach, called KRACK (Key Reinstallation Attacks) could allow connection hijacking and malicious code injection.

Go deeper

John Kelly defends James Mattis against Trump attacks

John Kelly in the White House in July 2017. Photo: Cheriss May/NurPhoto via Getty Images

Former White House chief of staff John Kelly defended James Mattis on Thursday after President Trump attacked the former defense secretary as "the world's most overrated general" and claimed on Twitter that he was fired.

What he's saying: “The president did not fire him. He did not ask for his resignation,” Kelly told the Washington Post in an interview. “The president has clearly forgotten how it actually happened or is confused."

Barr claims "no correlation" between removing protesters and Trump's church photo op

Attorney General Bill Barr said at a press conference Thursday that there was "no correlation" between his decision to order police to forcibly remove protesters from Lafayette Park and President Trump's subsequent visit to St. John's Episcopal Church earlier this week.

Driving the news: Barr was asked to respond to comments from Defense Secretary Mark Esper, who said Tuesday that he "did not know a photo op was happening" and that he does everything he can to "try and stay out of situations that may appear political."

Updates: Cities move to end curfews for George Floyd protests

Text reading "Demilitarize the police" is projected on an army vehicle during a protest over the death of George Floyd in Washington, D.C.. early on Thursday. Photo: Yasin Ozturk/Anadolu Agency via Getty Images

Several cities are ending curfews after the protests over the death of George Floyd and other police-related killings of black people led to fewer arrests and less violence Wednesday night.

The latest: Los Angeles and Washington D.C. are the latest to end nightly curfews. Seattle Mayor Jenny Durkan tweeted Wednesday night that "peaceful protests can continue without a curfew, while San Francisco Mayor London Breed tweeted that the city's curfew would end at 5 a.m. Thursday.