Severe WiFi security flaw puts millions of devices at risk

"If your device supports Wi-Fi, it is most likely affected", they said on the www.krackattacks.com website, which they set up to provide technical information about the flaw and methods hackers might use to attack vulnerable devices.

"Given the complexity of updating smart devices such as mobile phones, CERT NZ also strongly recommends disabling Wi-Fi when it isn't required", it said in its advisory.

As scary as this attack sounds, there are several mitigating factors at work here. "The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations". Microsoft says it has already issued an update. The vulnerability can also be put to use to inject malware or ransomware into systems as well, which underscores a huge risk that both corporates and domestic users face in the aftermath of the discovery of the security flaw.

Make sure Wi-Fi is turned off when you're not using it.

Hackers are able to search for a WiFi network and then clone it to trick users.

According to Vanhoef, Linux computers and Android phones are particularly vulnerable to an "exceptionally devastating" version of KRACK. In the meantime, treat every Wi-Fi connection like it's the public network at Starbucks.

The vulnerability is the first to be found in the modern encryption techniques that have been used to secure Wi-Fi networks for the last 14 years.

"This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users", the Wi-Fi Alliance wrote in a statement about KRACK. "Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together".

On the other hand, Engadget also revealed that Apple Inc. also came up with a fix to prevent the possible KRACK attacks in the latest beta versions of their operating systems, including macOS, iOS, tvOS, and watchOS.

Even if you were bored enough to actually click on the More info button, you would have had to be REALLY bored to even spot a reference to a vague mention of a wireless security update in the last bullet item of the knowledge base article.

This padlock will appear on all HTTPS sites. At present, not much will be achieved by changing the Wi-Fi password.

Related:

Comments

Other news