A major security flaw has been discovered in a protocol that protects Wi-Fi
Um yea, this can’t be good.
“If your device supports Wi-Fi, it is most likely affected,” says researcher Mathy Vanhoef in a recent update to his website.
Mathy Vanhoef is the guy who just uncovered a major security flaw in one of the protocols that protect modern Wi-Fi. “The attack works against all modern protected Wi-Fi networks.”
First spotted by ArsTechnica, this security flaw “makes it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.” The exploit is called KRACK and it affects devices running on Android, Linux, Apple, Windows, and other types of devices.
“This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
Yea, this is pretty bad. The good thing is that all of this is patchable and can be fixed. According to Charged, “the most important fix to apply is the one for your phones, laptops and other devices. The data transmitted by these devices could now be exposed.” There’s a really helpful list that keeps track of all the companies pushing out patch updates, so be sure to keep an eye out for that. Click here for the list.
The Wi-Fi Alliance, a network of companies responsible for Wi-Fi, has issued a statement regarding the disclosure of the vulnerabilities. “This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users,” says a Wi-Fi Alliance spokesperson. “Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.”
To learn more about this exploit, head on over to krackattacks.com to read more about the security flaw.