Advertisement

New flaw puts every wi-fi network in the world at risk from hackers, say researchers

Every wi-fi connection around the world could be at risk because of a new vulnerability that could allow hackers to access sensitive data, security researchers have claimed.

The flaw, known as Krack, uses a weakness in the WPA2 protocol, which is used to secure all modern wi-fi systems.

The researchers say that in theory, the weakness can be used by hackers within range of a wi-fi network to access and read information previously assumed to be encrypted.

It could also be used to inject viruses such as malware or ransomware into websites.

Security experts believe the flaw could compromise our personal information (Picture: Rex)
Security experts believe the flaw could compromise our personal information (Picture: Rex)

Mathy Vanheof, from the research team at Belgian University KU Leuven, said: “The weaknesses are in the wi-fi standard itself, and not in individual products or implementations.

“Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports wi-fi, it is most likely affected.”

The flaw relates specifically to digital ‘handshakes’ made between devices and wi-fi routers when they connect, which secures data that travels between that connection.

MOST POPULAR ON YAHOO UK:

The shocking moment a man led police on 110mph chase – with a baby in the car
30 pictures taken inside North Korea using a mobile phone
Storm Ophelia: Met Office warns of ‘potential danger to life’ in UK
Bride-to-be fears dream day is off after couple’s lewd photo sparks calls for foreign wedding ban

But the Belgian team has found a way to break into this connection, which could enable hackers to access the encrypted data travelling within it, which could include passwords, credit card details and messages sent over the wi-fi network.

The researchers said changing wi-fi passwords would not fix the problem, and software from technology giants such as Apple, Google and Microsoft are all susceptible to some version of the vulnerability – though it can be fixed through software and firmware updates.

The attack can also not be carried out remotely, with hackers required to be in range of the network in order to attempt a breach.

Cyber security researcher Lee Munson from Comparitech.com said: “The WPA2 encryption algorithm, which was thought to be rock solid, is so widespread in its use that its cracking potentially puts everyone at risk.

“In reality, the fact that an attacker has to be within wireless range would suggest any attacks would be targeted rather than random but, even so, home users especially need to be aware of the dangers.

Wi-fi routers could be hacked by exploiting the newly found flaw, say researchers (Picture: Rex)
Wi-fi routers could be hacked by exploiting the newly found flaw, say researchers (Picture: Rex)

“Until the issue is fixed via a router firmware update – if possible – or WPA2 is superseded, everyone should adopt an additional level of caution when sending sensitive information to online servers.

“Users are advised to look out for the padlock symbol in their browser, or the addition of the letter ‘s’ on the end of the http part of a web address, before sharing personal or financial information; advice that is more valuable now than ever before.”

Industry body the Wi-Fi Alliance said it was already working with providers to issue software updates to patch the flaw.

The firm said in a statement: “This issue can be resolved through straightforward software updates and the wi-fi industry, including major platform providers, has already started deploying patches to wi-fi users.

“Users can expect all their wi-fi devices, whether patched or unpatched, to continue working well together.

“There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections.”

They added: “Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member.

“Wi-Fi Alliance is also broadly communicating details on this vulnerability and remedies to device vendors and encouraging them to work with their solution providers to rapidly integrate any necessary patches.

“As always, wi-fi users should ensure they have installed the latest recommended updates from device manufacturers.”

Technology giant Microsoft confirmed it had already released a security update, a company spokeswoman saying: “Customers who apply the update, or have automatic updates enabled, will be protected.

“We continue to encourage customers to turn on automatic updates to help ensure they are protected.”

The Wi-Fi Alliance also thanked the KU Leuven research team for “discovering and responsibly reporting” the Krack flaw, which it said enabled the industry to prepare security updates.