There’s a massive problem with Wi-Fi security, and it affects every single computer, router and smartphone. Cyber Insider explains how to combat it
A major security flaw in wireless systems means every Wi-Fi network is potentially at risk from attack. We look at what you can do to keep the hackers at bay
ANOTHER MONTH, AND another massive security flaw has been found. In this case, the problem is with Wi-Fi connections, which given how much we all use it – in public, at home and at work – is a serious problem for everyone.
So how big is the problem? Well, the issue is that anyone within range of your wireless network can eavesdrop and read everything going across it. In other words, the problem is massive.
The exploit has been named Krack (Key Reinstallation Attack) by the Belgian researcher who discovered it. Without getting overly technical, the root of the problem is in the way in which Wi-Fi networks establish a secure connection with a device.
Using what’s known as a four-way handshake, the client connects to a network, gets handed an encryption key and uses that to encrypt all data sent over the network. At this point, anyone that doesn’t have this key is unable to see what’s going on over the network.
Because Wi-Fi is a bit flaky and rubbish, if the key-handling fails, a client can ask for and receive the key again. With the flaw in Wi-Fi, a hacker can spoof the request for the key, which causes the information to be rebroadcast, allowing the bad guy to decode the network’s encryption key. As both hacker and device are now sharing the same key, they can read everything that’s going on. That means all communication across the network can be received, downloaded and analysed by the hacker.
That’s very bad news for Wi-Fi, as every single network on the planet is at risk from this threat. For you at home, however, the risk is not as great as perhaps some of the reports would have you think. Let’s see why.
First, to break the encryption and spy on you, a hacker has to get in range of your network, which means parking up outside your house. That would mean that the hackers would need to decide that it was worth visiting your house in the first place. Let’s face it, neither you nor I are interesting enough for hackers to go out of their way to attack.
Encrypted traffic, such as via SSL for secure web pages or a VPN, remains safe, and hackers can’t see what’s going on.
PUBLIC NOT SPOTS
Open wireless hotspots aren’t at risk from Krack either, as these typically don’t use encryption and are completely insecure anyway. That’s the main reason Computer Shopper recommends that you avoid them.
Wireless networks that are protected but are for public use, such as in coffee shops or hotels, are more at risk. Here, a hacker could breach the network’s security, with the aim of syphoning off as many private details, usernames and passwords as possible.
Again, Computer Shopper has often warned about using any public network. Put simply, if you’re not in charge of it, then don’t trust it, as you don’t know who’s spying on you.
When using a public hotspot, we recommend using a VPN, which encrypts the traffic that flows through a hotspot until it pops out of the end of the tunnel on to the internet. If a hacker steals data from a hotspot, all they can see is encrypted information that they can’t make sense of.
WHAT SHOULD YOU DO?
While VPNs are a good idea, we’re certainly not advocating using potentially insecure networks and doing nothing about it. First, try to avoid using hotspots as much as possible. With smartphones, make sure that you’ve disabled the option in the settings to connect to insecure networks automatically. If not, your smartphone can connect without you knowing and transmit data insecurely.
If you do use a hotspot, then run a VPN and turn it on as soon as you connect and before you browse the web or open any apps. This will greatly reduce the amount of unsecured data that you’re sending.
Next, you need to patch everything, which means starting by updating your wireless router. Your manufacturer should have released a patch for it; if not, get in touch with customer support and ask when it’s coming.
Windows PCs already have a patch available that fixes the issues for Windows 7, 8 and 10. Make sure you’ve used Windows Update to install it. Google and Apple are both working on fixes, too. With Apple, this should be slightly more straightforward. Google’s fragmented Android system means that the patch has to be distributed to handset manufacturers that have to test and implement for their handsets. This could take some time to reach every Android handset, but keep checking for updates.
With the flaw in Wi-Fi, a hacker can spoof the request for an encryption key, which causes the information to be rebroadcast, allowing the bad guy to decode the network’s key