Security experts have warned that every single Wi-Fi connection is vulnerable to an unprecedented security flaw that allows hackers to snoop on internet traffic.
The vulnerability, known as ‘Krack’ gives hackers access to almost everything that has been sent over a Wi-Fi network and any device that has used the same network is potentially at risk.
“This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on,” security researcher Mathy Vanhoef said,
“The attack works against all modern protected Wi-Fi networks.”
According to Mr Vanhoef every computer, phone and any device that has Wi-Fi connectivity is at risk.
“Note that if your device supports Wi-Fi, it is most likely affected,” he said.
What’s worse still is that any data that is sent over an affected network could be read by hackers, even on website that use the more secure HTTPS protocol, which makes harder for data to be read by hackers.
“Bypassed in a worrying number of situations”, Mr Vanhoef wrote.
On a website dedicated to the vulnerability, Mr Vanhoef issued a plea to tech companies to issue security patches to protect devices against the vulnerability immediately.
Mr Vanhoef says that vendors have been aware of the issued since July and some updates have already been rolled out.
Android devices are most at risk due to the nature of the Android operating system, where it typically takes longer for software updates to be pushed out to users.
Krack works by exploiting something in Wi-Fi network called the ‘handshake’, which the devices give to each other when they a device connects to Wi-Fi.
After the handshake has been given, an encryption key is issued which is used for all traffic between the two devices.
However, researchers have found that the handshake can be compromised and hackers are able to obtain a key that is already in use, giving them access to any data, passwords, information and even personal messages which are being sent over the network.
“Currently, all modern protected Wi-Fi networks use the” specific kind of handshake that is liable to attack, Mr Vanhoef wrote .
“This implies all these networks are affected by (some variant of) our attack”, he added.
Mr Vanhoef said that as updates have been and are in the process of being push out by vendors, users should make sure their devices are running the latest operating system and software updates.
Waiting for vendors to issue a patch against the vulnerability is just about the only thing users can do, Mr Vanhoef. Changing your Wi-Fi password will have no effect as the hack does not use the password.
“We are not in a position to determine if this vulnerability has been (or is being) actively exploited in the wild,” Mr Vanhoef wrote. Source