Cy­ber In­sider

There’s a mas­sive prob­lem with Wi-Fi se­cu­rity, and it af­fects ev­ery sin­gle com­puter, router and smart­phone. Cy­ber In­sider ex­plains how to com­bat it

Computer Shopper - - CONTENTS -

A ma­jor se­cu­rity flaw in wire­less sys­tems means ev­ery Wi-Fi net­work is po­ten­tially at risk from at­tack. We look at what you can do to keep the hack­ers at bay

AN­OTHER MONTH, AND an­other mas­sive se­cu­rity flaw has been found. In this case, the prob­lem is with Wi-Fi con­nec­tions, which given how much we all use it – in pub­lic, at home and at work – is a se­ri­ous prob­lem for ev­ery­one.

So how big is the prob­lem? Well, the is­sue is that any­one within range of your wire­less net­work can eaves­drop and read ev­ery­thing go­ing across it. In other words, the prob­lem is mas­sive.

The ex­ploit has been named Krack (Key Re­in­stal­la­tion At­tack) by the Bel­gian re­searcher who dis­cov­ered it. With­out get­ting overly tech­ni­cal, the root of the prob­lem is in the way in which Wi-Fi net­works es­tab­lish a se­cure con­nec­tion with a de­vice.

GOLDEN HAND­SHAKE

Us­ing what’s known as a four-way hand­shake, the client con­nects to a net­work, gets handed an en­cryp­tion key and uses that to en­crypt all data sent over the net­work. At this point, any­one that doesn’t have this key is un­able to see what’s go­ing on over the net­work.

Be­cause Wi-Fi is a bit flaky and rub­bish, if the key-han­dling fails, a client can ask for and re­ceive the key again. With the flaw in Wi-Fi, a hacker can spoof the re­quest for the key, which causes the in­for­ma­tion to be re­broad­cast, al­low­ing the bad guy to de­code the net­work’s en­cryp­tion key. As both hacker and de­vice are now shar­ing the same key, they can read ev­ery­thing that’s go­ing on. That means all com­mu­ni­ca­tion across the net­work can be re­ceived, down­loaded and an­a­lysed by the hacker.

That’s very bad news for Wi-Fi, as ev­ery sin­gle net­work on the planet is at risk from this threat. For you at home, how­ever, the risk is not as great as per­haps some of the re­ports would have you think. Let’s see why.

First, to break the en­cryp­tion and spy on you, a hacker has to get in range of your net­work, which means park­ing up out­side your house. That would mean that the hack­ers would need to de­cide that it was worth vis­it­ing your house in the first place. Let’s face it, nei­ther you nor I are in­ter­est­ing enough for hack­ers to go out of their way to at­tack.

En­crypted traf­fic, such as via SSL for se­cure web pages or a VPN, re­mains safe, and hack­ers can’t see what’s go­ing on.

PUB­LIC NOT SPOTS

Open wire­less hotspots aren’t at risk from Krack either, as these typ­i­cally don’t use en­cryp­tion and are com­pletely in­se­cure any­way. That’s the main rea­son Com­puter Shop­per rec­om­mends that you avoid them.

Wire­less net­works that are pro­tected but are for pub­lic use, such as in cof­fee shops or ho­tels, are more at risk. Here, a hacker could breach the net­work’s se­cu­rity, with the aim of sy­phon­ing off as many pri­vate de­tails, user­names and pass­words as pos­si­ble.

Again, Com­puter Shop­per has of­ten warned about us­ing any pub­lic net­work. Put sim­ply, if you’re not in charge of it, then don’t trust it, as you don’t know who’s spy­ing on you.

When us­ing a pub­lic hotspot, we rec­om­mend us­ing a VPN, which en­crypts the traf­fic that flows through a hotspot un­til it pops out of the end of the tun­nel on to the in­ter­net. If a hacker steals data from a hotspot, all they can see is en­crypted in­for­ma­tion that they can’t make sense of.

WHAT SHOULD YOU DO?

While VPNs are a good idea, we’re cer­tainly not ad­vo­cat­ing us­ing po­ten­tially in­se­cure net­works and do­ing noth­ing about it. First, try to avoid us­ing hotspots as much as pos­si­ble. With smart­phones, make sure that you’ve dis­abled the op­tion in the set­tings to con­nect to in­se­cure net­works au­to­mat­i­cally. If not, your smart­phone can con­nect with­out you know­ing and trans­mit data in­se­curely.

If you do use a hotspot, then run a VPN and turn it on as soon as you con­nect and be­fore you browse the web or open any apps. This will greatly re­duce the amount of un­se­cured data that you’re send­ing.

Next, you need to patch ev­ery­thing, which means start­ing by up­dat­ing your wire­less router. Your man­u­fac­turer should have re­leased a patch for it; if not, get in touch with cus­tomer sup­port and ask when it’s com­ing.

Win­dows PCs al­ready have a patch avail­able that fixes the is­sues for Win­dows 7, 8 and 10. Make sure you’ve used Win­dows Up­date to in­stall it. Google and Ap­ple are both work­ing on fixes, too. With Ap­ple, this should be slightly more straight­for­ward. Google’s frag­mented An­droid sys­tem means that the patch has to be dis­trib­uted to hand­set man­u­fac­tur­ers that have to test and im­ple­ment for their hand­sets. This could take some time to reach ev­ery An­droid hand­set, but keep check­ing for up­dates.

With the flaw in Wi-Fi, a hacker can spoof the re­quest for an en­cryp­tion key, which causes the in­for­ma­tion to be re­broad­cast, al­low­ing the bad guy to de­code the net­work’s key

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.