Watchdog: All Wi-Fi Vulnerable

The Washington Post
Published: 10/17/2017 12:21:43 AM
Modified: 10/17/2017 12:21:48 AM

A top federal government cybersecurity watchdog issued an advisory on Monday, warning users to update their devices to protect against a newly discovered vulnerability that affects nearly every modern, protected Wi-Fi network.

The U.S. Computer Emergency Readiness Team’s announcement comes after a security expert at the University of Leuven in Belgium published findings that showed that a widely used encryption system for wireless networks could give attackers an opening to steal sensitive information such as emails, chat histories and credit card numbers.

The exploit would allow hackers to eavesdrop on internet traffic between computers and wireless access points. The findings are significant because of the wide range of devices that could be affected.

“The attack works against all modern protected Wi-Fi networks,” Mathy Vanhoef said on a website he created to share his research. “Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”

Vanhoef said any device that supports Wi-Fi probably leaves itself vulnerable to this attack, called KRACK, for Key Reinstallation Attack. “During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks,” he noted on the website.

Cisco, Intel and Samsung were among the companies whose products were affected but have since updated their devices.

Vanhoef noted that even when internet users connect to secure websites that use the HTTPS protocol, they may still be at risk. “Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations,” he said.

While he acknowledged that some of the attack scenarios discussed in his research are impractical to pull off, he said the bottom line is that you should still “update all your devices once security updates are available.”

Valley News

24 Interchange Drive
West Lebanon, NH 03784


© 2021 Valley News
Terms & Conditions - Privacy Policy