Wi-Fi Network Flaw Could Let Hackers Spy on You
NEW YORK — The Wi-Fi network you’re using may be susceptible to hacking.
A new security flaw, discovered by researcher Mathy Vanhoef of the University of Leuven in Belgium, appears to be affecting Wi-Fi connections.
The issue stems from WPA2, a protocol that secures wireless networks. The flaw, called KRACK (short for Key Reinstallation Attacl), could let a hacker within range of your device break encryption and potentially steal and manipulate data.
“Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” Vanhoef wrote. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.”
This means an attacker could trick someone’s device into connecting to their Wi-Fi access point, instead of the one to which they’re trying to connect.
But there’s bit of a silver lining: There are no reports of this flaw being exploited in the wild, and some companies have already issued patches.
In his report, Vanhoef listed a number of operating systems at risk, including Google Android, Linux, Apple MacOS, Microsoft Windows, OpenBSD, MediaTek, and Linksys.
Android 6.0 and Linux are the most at risk, the report said.
“We’re aware of the issue, and we will be patching any affected devices in the coming weeks,” a Google spokesperson told CNN Tech.
Meanwhile, Microsoft said customers who have the latest Windows Update, launched last week, and applied the security updates, are automatically protected.
If you use only secure websites — that is, those that use HTTPS, instead of HTTP with a lock icon in the address bar — you’re protected from this vulnerability, according to the report. However, that can be difficult on mobile apps.
United States Computer Emergency Readiness Team (CERT) issued a warning on Monday that encouraged all Wi-Fi users to install updates when available. The organization is keeping a running list of affected vendors.
The Wi-Fi Alliance, a group of companies that defines Wi-Fi standards and certifies products, said it will now test for the vulnerability as part of its certification process and provide a detection tool to any of its members.
An attack may also be a challenge for hackers execute.
“The good news is that for most home users, the attacks are computationally expensive and not trivial,” said Kenneth White, a Washington D.C.-based security consultant to federal agencies. “But Android owners in particular should be checking for updates and pressing their device maker for a response.”
Vanhoef said that home users should make it a priority to update phones and computers.