ADVERTISEMENT
ADVERTISEMENT
RADP / Pulse Nigeria  >  BI  >  Tech

There is a 'devastating' security flaw in Wi-Fi, and you're likely at risk

pulse

Pretty much every Wi-Fi-enabled device in the world is compromised.

The vulnerability affects all major modern devices and operating systems, including Android, Apple, Windows, Linux, and more.

"The attack works against all modern protected Wi-Fi networks," researcher Mathy Vanhoef wrote on a website outlining his findings.

"If your device supports Wi-Fi, it is most likely affected."

The weakness was found in the security protocol WPA2, and is being referred to as a KRACK attack, referring to the "key reinstallation attack" that was used. In short, it allows an attacker to intercept and read sensitive data being transferred over the network.

ADVERTISEMENT

This is, security professionals agree, a very serious vulnerability — one that affects devices on a massive scale.

There are some mitigating factors, as Iron Group CTO Alex Hudson pointed out in a blog post.

For starters, any attacker exploiting the vulnerability needs to physically be on the same Wi-Fi network as you. "So, you’re not suddenly vulnerable to everyone on the internet," he wrote. "It’s very weak protection, but this is important when reviewing your threat level."

And secondly, if websites often use an additional level of encryption — HTTPS — that hasn't been compromised. So if your bank uses it to secure your financial data, for example, an attacker wouldn't be able to grab it.

ADVERTISEMENT

Still, Hudson cautioned: "There are plenty of nasty attacks people will be able to do this. They may be able to disrupt existing communications. They may be able to pretend to be other nodes on the network. This could be really bad ... they can definitely pretend to be non-secure resources. Almost certainly there are other problems that will come up, especially privacy issues with cheaper internet-enabled devices that have poor security."

Android is particularly at risk from the vulnerability, Vanhoef wrote. But this isn't insurmountable. Fixes can be developed for the problem — but in practice, these will take time to roll out, and not all hardware vendors will update their products in a timely fashion.

Vendors were first warned about the vulnerability back in July, so they had time to prepare patches before it was publicised. The researcher said they didn't know whether the vulnerability has been exploited by real-world attackers yet — but now it has been made public, the chances of it happening seem likely to increase.

pulse

Enhance Your Pulse News Experience!

Get rewards worth up to $20 when selected to participate in our exclusive focus group. Your input will help us to make informed decisions that align with your needs and preferences.

I've got feedback!

JOIN OUR PULSE COMMUNITY!

Unblock notifications in browser settings.
ADVERTISEMENT

Eyewitness? Submit your stories now via social or:

Email: eyewitness@pulse.ng

ADVERTISEMENT
ADVERTISEMENT