Why your Wi-Fi is vulnerable to hackers
A software bug affecting most of the world’s Wi-Fi connections “could let hackers spy on you,” said Selena Larson in CNN.com.A Belgian security researcher announced last week that he’d discovered a critical flaw in WPA2, the global protocol that encrypts traffic on Wi-Fi networks. Normally, data that moves between a Wi-Fi router and a connected computer or phone is encrypted or scrambled, so that eavesdroppers and digital thieves can’t access it. But this flaw, dubbed KRACK, allows a hacker within range of a targeted device to reset the encryption keys, exposing transmitted information to being read or stolen. In some cases, hackers could even inject malware into a Wi-Fi network, said Lily Hay Newman in Wired.com. “In practice, that means hackers could steal your passwords, intercept your financial data, or even manipulate commands to, say, send your money to themselves.” Some devices, including those running Windows and iOS, are “mercifully already protected,” thanks to newly released security patches, but “tens of millions” of Android and Linux devices remain exposed.
The good news is that “you probably don’t have to worry about hackers going after your network specifically,” said Russell Brandom in TheVerge.com. An attacker has to be physically within Wi-Fi range to carry out this exploit, “which dramatically reduces the risk that an average person will be targeted.” The attack itself “is also difficult to execute,” and there haven’t been any real-world reports of the bug actually being used for hacks. But it’s still disconcerting that this flaw “caught much of the industry off guard.” Most major tech firms, including Google, are scrambling to develop and release fixes to secure their products. To protect yourself, “update your devices immediately and then keep updating them over the next few weeks as companies release new patches,” said Keith Collins in Qz.com. This includes computers, tablets, phones, and routers. As a general web-browsing rule, only share sensitive data on HTTPS sites that feature a padlock icon in the browser’s address bar. These sites are still vulnerable to KRACK without a fix, but they are better than unsecured sites.
If we’re honest, the “KRACK Wi-Fi mess will take decades to clean up,” said Brian Barrett in Wired.com. When companies release security patches for flaws like this, it’s often consumers’ responsibility to apply them. That’s not as hard to do with smartphones, which typically prod users with a software autoupdate, but it becomes far trickier with devices like routers. Even if consumers know they need to update that device’s software, the process “may rightly baffle” them. Then there are the millions of Wi-Fi–connected smart-home gadgets, including security cameras, smart refrigerators, and connected thermostats, which “rarely receive” the necessary software fixes. As a result, “the true cost of KRACK could play out for years.”