
The new flaw that has 'every Wi-Fi network' at risk from hackers

Every Wi-Fi connection around the world could be at risk because of a new vulnerability allowing hackers to access sensitive data, security researchers have claimed.

The flaw, known as Krack, uses a weakness in the WPA2 protocol, which is used to secure all modern Wi-Fi systems.

The researchers say that in theory, the weakness can be used by hackers within range of a Wi-Fi network to access and read information previously assumed to be encrypted.

It could also be used to inject malware, such as ransomware, into websites.

Mathy Vanhoef, from the research team at Belgian university KU Leuven, said: “The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations.

The flaw, known as Krack, uses a weakness in the WPA2 protocol, which is used to secure all modern wi-fi systems. Source: Supplied

“Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected.”

The flaw relates specifically to the digital ‘handshakes’ made between devices and Wi-Fi routers when they connect, which secure the data that travels over that connection.

But the Belgian team has found a way to break into this connection, which could enable hackers to access the encrypted data travelling within it, including passwords, credit card details and messages sent over the Wi-Fi network.

The researchers said changing Wi-Fi passwords would not fix the problem, and software from technology giants such as Apple, Google and Microsoft is susceptible to some version of the vulnerability – though it can be fixed through software and firmware updates.

The attack also cannot be carried out remotely: hackers must be within range of the network in order to attempt a breach.

Technology giants such as Apple, Google and Microsoft are all susceptible to some version of the vulnerability. Source: Twitter

Cyber security researcher Lee Munson from Comparitech.com said: “The WPA2 encryption algorithm, which was thought to be rock solid, is so widespread in its use that its cracking potentially puts everyone at risk.

“In reality, the fact that an attacker has to be within wireless range would suggest any attacks would be targeted rather than random but, even so, home users especially need to be aware of the dangers.

“Until the issue is fixed via a router firmware update – if possible – or WPA2 is superseded, everyone should adopt an additional level of caution when sending sensitive information to online servers.

“Users are advised to look out for the padlock symbol in their browser, or the addition of the letter ‘s’ on the end of the http part of a web address, before sharing personal or financial information; advice that is more valuable now than ever before.”

Industry body the Wi-Fi Alliance said it was already working with providers to issue software updates to patch the flaw.

The alliance said in a statement: “This issue can be resolved through straightforward software updates and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users.

“Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.