Thank you!

We have emailed you a PDF version of the article you requested.

Can't find the email?

Please check your spam or junk folder

IFLScience Home
IFLScience logo

"A Security Flaw In WiFi Has Been Discovered That Means You Can See All Information Sent Over A Network If You're Close Enough"

Complete the form below and we will email you a PDF version

You can unsubscribe at any time. View ourprivacy policy and terms below.

IFLScience needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time.

For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out ourPrivacy Policy

Advertisement

technologyTechnology
clockPUBLISHED

A Security Flaw In WiFi Has Been Discovered That Means You Can See All Information Sent Over A Network If You're Close Enough

author

Dr. Alfredo Carpineti

author

Dr. Alfredo Carpineti

Senior Staff Writer & Space Correspondent

Alfredo (he/him) has a PhD in Astrophysics on galaxy evolution and a Master's in Quantum Fields and Fundamental Forces.

BookView full profile

BookRead IFLScience Editorial Policy

Senior Staff Writer & Space Correspondent

isak55/shutterstock

Belgian computer scientists have shown that there is the standard security protocol used in all modern Wi-Fi network is not as secure as previously thought. The weaknesses they identified are found the in WPA2 (Wi-Fi Protected Access) protocol and in a new study, the researchers showed just how easy they are easy to exploit. Companies were notified weeks ago about this flaw so make sure all your software is up to date. 

The scientists looked at a specific type of cyber-attack known as KRACK, or Key Reinstallation Attack, which allows an attacker to access encrypted information like credit card numbers, passwords, photos, etc. The research is discussed in a paper, which will be presented at the Computer and Communications Security (CCS) conference on November 1, next month.

Advertisement

This security flaw affects, in one way or another, Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and many others. The researchers have also successfully simulated attacks against mobile and desktop software, banking apps, and even VPN apps that are designed to hide where you’re connecting from.

The crucial issue is how WPA2 protocol is designed. When you join a protected Wi-Fi network, you and your network have a 4-way handshake. It’s a way to provide mutual identification. During the handshake, you get a fresh encryption key, which allows you to send encrypted data packages and be secured.

What the researchers noticed is that the encryption key is always in message 3 of the 4-way handshake and a KRACK attack forced the user to reinstall the key. The difference is that a malicious attacker could send forth an encryption key that is not fresh and instead can be used to see what's being transmitted over the network, even being able to inject ransomware and malware into websites. The malicious attacker would have to be physically close to you, it cannot be done remotely.

Lead author Mathy Vanhoef explained that software companies can patch the existing WPA2, without having to come up with a completely new protected access protocol. So to make sure you’re not vulnerable to this kind of attack, all your devices, including the firmware of your router, need to be updated.

Advertisement

The United States Computer Emergency Readiness Team (CERT) issued a Vulnerability Note explaining the technical issue behind the WPA2 weakness and the companies affected by these. All the companies were notified on August 28 and the ones affected have been updating their software. Make sure you do too

ARTICLE POSTED IN

technologyTechnology
  • tag

  • cyber-security,

  • Wi-Fi,

  • cyber attack,

  • Wi-Fi Protected Access Protocol,

  • WPA2

FOLLOW ONNEWSGoogele News

technology

More Technology Stories

It's Possible To Extract Audio From A Still, Soundless ImageA couple fighting in an apartment, seen through the window.
technologyTechnology

It's Possible To Extract Audio From A Still, Soundless Image

clock3 days ago
comments2
share660
People Learn To Control A Robotic Third Arm Surprisingly QuicklyArms coming off your back may not be just around the corner, but when they come using at least one of them may be surprisingly easy
technologyfuture

People Learn To Control A Robotic Third Arm Surprisingly Quickly

clock4 days ago
comments5
share340
Using Just Wi-Fi Signals, You Can Track People And Read Through Walls3d render of abstract face analysis. Facial recognition and biometric identification scan concept. Authentication technology.
technologyTechnology

Using Just Wi-Fi Signals, You Can Track People And Read Through Walls

clock4 days ago
comments2
share160