Widespread Security Flaw Leaves Wi-Fi Networks Open to Attack

Photo by Eugenio Marongiu / Shutterstock.com

A fundamental flaw has been discovered in the security layer that protects Wi-Fi networks.

As a result, it is possible for hackers to intercept information you transmit over a Wi-Fi connection.

This vulnerability in the security layer known as Wi-Fi protected access II, or WPA2, was discovered by Mathy Vanhoef, a researcher at Belgian university KU Leuven. He explains on his website devoted to the issue:

“This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”

The CERT Division of the Software Engineering Institute at Carnegie Mellon University — which is sponsored by the U.S. Department of Homeland Security — also issued a notice about the WPA2 vulnerability Monday.

How hackers can exploit devices

Attackers could exploit the WPA2 weakness using what’s known as a key reinstallation attack, or KRACK, if they are within range of your Wi-Fi network.

As Alan Woodward, a professor in the Department of Computer Science at England’s University of Surrey, explains it to the BBC:

“When any device uses Wi-Fi to connect to, say, a router it does what is known as a ‘handshake’: It goes through a four-step dialogue, whereby the two devices agree [on] a key to use to secure the data being passed (a “session key”). This attack begins by tricking a victim into reinstalling the live key by replaying a modified version of the original handshake. In doing this a number of important set-up values can be reset, which can, for example, render certain elements of the encryption much weaker.”

Vanhoef notes that all modern protected Wi-Fi networks use this four-way handshake. So, any device that supports a Wi-Fi connection is most likely affected by this vulnerability. For example, his research found that Android, Apple, Linux and Windows devices, among others, are at risk.

What you should know and do about the WPA2 weakness

The security flaws Vanhoef discovered are in the WPA2 standard itself rather than individual products. That is why any Wi-Fi-enabled device is most likely impacted. It is also why experts, including Vanhoef and CERT, are urging folks to update their devices with the latest available security patches. That includes laptops and smartphones as well as routers. CERT’s note says:

The WPA2 protocol is ubiquitous in wireless networking. Users are encouraged to install updates to affected products and hosts as they are available. For information about a specific vendor or product, check the Vendor Information section of this document or contact the vendor directly.

Forbes reports that Microsoft has already issued a patch, while Cisco and Intel have issued security advisories.

A spokesperson for Google, which developed the Android operating system, told Forbes, “We’re aware of the issue, and we will be patching any affected devices in the coming weeks.”

The Wi-Fi Alliance, which represents the Wi-Fi industry, also notes that “there is no evidence that the vulnerability has been exploited maliciously.”

What’s your take on this news? Sound off below or over on our Facebook page.

How to find cheaper car insurance in minutes

Getting a better deal on car insurance doesn't have to be hard. You can have The Zebra, an insurance comparison site compare quotes in just a few minutes and find you the best rates. Consumers save an average of $368 per year, according to the site, so if you're ready to secure your new rate, get started now.

Read Next
8 Key Steps to Planning for Retirement as a Couple
8 Key Steps to Planning for Retirement as a Couple

Ready for retirement? Not so fast. You might be surprised at some of the issues that come up for couples when they plan.

The 3 Worst Money Mistakes You Are Making at the Gas Station
The 3 Worst Money Mistakes You Are Making at the Gas Station

Beware these cash-guzzling missteps when you stop at any gas station.

11 Secret Uses for Everyday Items That Will Save You Money
11 Secret Uses for Everyday Items That Will Save You Money

These are simple solutions for life’s irritations.

View this page without ads

Help us produce more money-saving articles and videos by subscribing to a membership.

Get Started


Our Policy: We welcome relevant and respectful comments in order to foster healthy and informative discussions. All other comments may be removed. Comments with links are automatically held for moderation.

Trending Stories