New WPA2 Flaw Puts Millions Of WiFi Users At Risk

Delia Watkins
October 17, 2017

The US government's computer security watchdog warned Monday of a security flaw in Wi-Fi encryption protocol which can open the door to attacks to eavesdrop on or hijack devices using wireless networks.

What's worse still is that any data that is sent over an affected network could be read by hackers, even on website that use the more secure HTTPS protocol, which makes harder for data to be read by hackers. Unlike in past when older WiFi security protocols have been compromised, there is nothing to replace WPA2.

"If your device supports Wi-Fi, it is most likely affected", Vanhoef writes. The attack, however, is "exceptionally devastating" for devices that run Android 6.0, Vanhoef found. Google did not respond to a request for comment. By rerouting a device through the dummy network the hacker is able to expose sensitive information that otherwise would've been encrypted.

"Additionally, it's likely that you don't have too many protocols relying on WPA2 security".

Earlier today, it was discovered that there's a security flaw in virtually all Wi-Fi networks, that could allow attackers to spy on your network traffic, or even manipulate websites.

As plainly put, a bug affectionately called KRACK (Key Reinstallation Attack) has put nearly every modern Wi-Fi enabled device and content at risk of being decrypted by hackers. However, wireless routers and access points may require a vendor patch to protect against this vulnerability.

Deeney questions Arsenal's spirit after Watford defeat
There was a pinball inside the Arsenal penalty area and Tom Cleverley smashes the ball into the roof of the net. Physically we were not at the same level and on top of that we missed chances to score the second goal.

Causing extreme concern, the U.S. Computer Emergency Readiness Team has come forward with a specific warning pertaining to the flaw. The researchers say that all Wi-Fi clients and access points should be patched if fixes are available and that users should continue to use WPA2 until then.

Most modern Wi-Fi networks have their traffic encrypted by a protocol known as WPA or WPA-2, which has existed since 2003 and until now has never been broken. Its official name is KRACK, which comes from Key Reinstallation Attack, and it reportedly affects everyone that uses a Wi-fi connection.

The firm said in a statement: "This issue can be resolved through straightforward software updates and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users".

On a positive note, remote attacks using this exploit alone are impossible as the hacker would need to be in physical proximity to the router Alan Woodward, encryption expert from the University of Surrey explained that the attack is not scalable: "It's a very targeted attack". "Customers who apply the update, or have automatic updates enabled, will be protected", a representative of Microsoft told The Verge.

Ubiquity said it has a patch in beta for its routers, while MikroTik said its RouterOS v6.39.3, v6.40.4, and v6.41rc are not affected. Changing passwords, for example, is not a sufficient step.

The best way to protect against the WPA2 flaw, according to Vanhoef, is to keep an eye out for security updates for your router and ensure that you have up-to-date security software on the devices you plan to connect to a Wi-Fi hotspot or router.

Other reports by PlayStation Move reviews

Discuss This Article