New wi-fi weakness could let hackers access encrypted data, researchers say

Every wi-fi connection around the world could be at risk because of a new vulnerability that could allow hackers to access sensitive data, security researchers have claimed.

New wi-fi weakness could let hackers access encrypted data, researchers say

Every wi-fi connection around the world could be at risk because of a new vulnerability that could allow hackers to access sensitive data, security researchers have claimed.

The flaw, know as Krack, uses a weakness in the WPA2 protocol, which is used to secure all modern wi-fi systems.

The researchers say that in theory, the weakness can be used by hackers within range of a wi-fi network to access and read information previously assumed to be encrypted.

It could also be used to inject viruses such as malware or ransomware into websites.

Mathy Vanheof, from the research team at Belgian University KU Leuven, said: "The weaknesses are in the wi-fi standard itself, and not in individual products or implementations.

"Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports wi-fi, it is most likely affected."

The flaw relates specifically to digital 'handshakes' made between devices and wi-fi routers when they connect, which secures data that travels between that connection.

But the Belgian team has found a way to break into this connection, which could enable hackers to access the encrypted data travelling within it, which could include passwords, credit card details and messages sent over the wi-fi network.

The researchers said changing wi-fi passwords would not fix the problem, and software from technology giants such as Apple, Google and Microsoft are all susceptible to some version of the vulnerability - though it can be fixed through software and firmware updates.

The attack can also not be carried out remotely, with hackers required to be in range of the network in order to attempt a breach.

Cyber security researcher Lee Munson from Comparitech.com said: "The WPA2 encryption algorithm, which was thought to be rock solid, is so widespread in its use that its cracking potentially puts everyone at risk.

"In reality, the fact that an attacker has to be within wireless range would suggest any attacks would be targeted rather than random but, even so, home users especially need to be aware of the dangers.

"Until the issue is fixed via a router firmware update - if possible - or WPA2 is superseded, everyone should adopt an additional level of caution when sending sensitive information to online servers.

"Users are advised to look out for the padlock symbol in their browser, or the addition of the letter 's' on the end of the http part of a web address, before sharing personal or financial information; advice that is more valuable now than ever before."

more courts articles

Man (25) in court charged with murdering his father and attempted murder of mother Man (25) in court charged with murdering his father and attempted murder of mother
Man appears in court charged with false imprisonment of woman in van Man appears in court charged with false imprisonment of woman in van
Man in court over alleged false imprisonment of woman Man in court over alleged false imprisonment of woman

More in this section

FILE PHOTO The Competition and Consumer Protection Commission has cleared the purchase of Goodbody Stockbrokers by AIB END Goodbody Stockbrokers fined over €1.2m by Central Bank over rules breaches
Nottingham City Centre Stock Irish staff at the Body Shop wait for wages as retailer shuts stores in the Republic
Ryanair comments on Norwegian Ryanair boss O'Leary's spat with Transport Minister over Dublin Airport escalates
IE logo
Devices


UNLIMITED ACCESS TO THE IRISH EXAMINER FOR TEAMS AND ORGANISATIONS
FIND OUT MORE

The Business Hub
Newsletter

News and analysis on business, money and jobs from Munster and beyond by our expert team of business writers.

Sign up
ie logo
Puzzles Logo

Play digital puzzles like crosswords, sudoku and a variety of word games including the popular Word Wheel

Lunchtime News
Newsletter

Keep up with the stories of the day with our lunchtime news wrap.

Sign up
Cookie Policy Privacy Policy Brand Safety FAQ Help Contact Us Terms and Conditions

© Examiner Echo Group Limited