The Philippine Star

Wi-Fi encryption flaw exposes millions to hackers

-

NEW YORK (AFP) — A newly discovered flaw in the widely used Wi-Fi encryption protocol could leave millions of users vulnerable to attacks, prompting warnings Monday from the US government and security researcher­s worldwide.

The US government’s Computer Emergency Response Team (CERT) issued a security bulletin saying the flaw can open the door to hackers seeking to eavesdrop on or hijack devices using wireless networks.

“Exploitati­on of these vulnerabil­ities could allow an attacker to take control of an affected system,” said CERT, which is part of the US Department of Homeland Security.

The agency’s warning came on the heels of research by computer scientists at the Belgian university KU Leuven, who dubbed the flaw Krack, for Key Reinstalla­tion Attack.

According to the news site Ars Technica, the discovery was a closely guarded secret for weeks to allow Wi-Fi systems worldwide to develop security patches.

Attackers can exploit the flaw in WPA2 – the name for the encryption protocol – “to read informatio­n that was previously assumed to be safely encrypted,” said a blog post by KU Leuven researcher Mathy Vanhoef.

“This can be abused to steal sensitive informatio­n such as credit card numbers, passwords, chat messages, e-mails, photos, and so on. The attack works against all modern protected Wi-Fi networks.”

The researcher said the flaw may also allow an attacker “to inject ransomware or other malware into websites.”

The Krack vulnerabil­ity allows attackers to circumvent the “key” on a Wi-Fi connection that keeps data private.

The Belgian researcher­s said in a paper that devices on all operating systems may be vulnerable to Krack, including 41 percent of Android devices.

The newly discovered flaw was serious because of the ubiquity of Wi-Fi and the difficulty in patching millions of wireless systems, according to researcher­s.

“Wow. Everyone needs to be afraid,” said Rob Graham of Errata Security in a blog post.

“It means in practice, attackers can decrypt a lot of Wi-Fi traffic, with varying levels of difficulty depending on your precise network set-up.”

Alex Hudson, of the British-based digital service firm Iron Group, said the discovery means that “security built into Wi-Fi is likely ineffectiv­e, and we should not assume it provides any security.”

?? AP ?? Security researcher­s have discovered a Wi-Fi network vulnerabil­ity that could allow attackers to steal sensitive informatio­n or inject malicious code while someone is logged into a computer or mobile device.
AP Security researcher­s have discovered a Wi-Fi network vulnerabil­ity that could allow attackers to steal sensitive informatio­n or inject malicious code while someone is logged into a computer or mobile device.

Newspapers in English

Newspapers from Philippines