People Should Update Devices Because of New Wi-Fi Privacy Hack

by Sherry Padilla October 17, 2017, 0:29
People Should Update Devices Because of New Wi-Fi Privacy Hack

The U.S. Department of Homeland Security issued a warning Monday morning on a fundamental operation flaw in the Wi-Fi Protected Access II (WPA2) protocol, which is created to secure all modern protected Wi-Fi networks.

"In 2001, the WiFi security protocol WEP was cracked and it was soon deemed unsafe to use in order to keep your data and indeed networks safe from prying eyes", Mark James, a security specialist at ESET, says in an email to Newsweek. However, as per available indications, the researchers will be revealing some alarming facts about how vulnerable the latest security protocol is. Note that if your device supports Wi-Fi, it is most likely affected.

The vulnerability is the first to be found in the modern encryption techniques that have been used to secure Wi-Fi networks for the last 14 years. For example, a message sent from your phone to a network could be played, or video that your security camera sent to network could be played and all modems are affected.

"We released fixed versions last week, so if you upgrade your devices routinely, no further action is required", said MikroTik. Many vendors have already issued patches for the vulnerability and we highly recommend you download and install those updates. By taking advantage of this exploit, an attacker can clone a wireless network onto another channel, and then force a target device onto the malicious connection.

More news: Tom Brady returns to Patriots practice

As reported previously by ZDNet, the bug, dubbed "KRACK" - which stands for Key Reinstallation Attack - is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates.

As the weakness lies in WPA2 itself, all devices using WiFi are at risk. Identified as the "Key Reinstallation Attackes", or Krack Attacks, the security flaws were found to be in the actual WiFi standard, not individual products.

Mathy Vanhoef, a postdoctoral student at KU Leuven in Belgium who helped develop KRACK, says that "depending on the network configuration, it is also possible to inject and manipulate data".

Responding to the issue, the United States Computer Emergency Readiness Team (CERT) provided the following statement (via Ars Technica). From credit card numbers and private messages to passwords and personal files.

More news: Blade Runner 2049 disappoints at United States box office

Wi-Fi networks typically use shared keys (usually based on AES encryption) to protect network traffic.

Prof Woodward said that the only way to fix the flaw would be for internet companies to manually replace or patch every router in people's homes.

"Cisco is aware of the industry-wide vulnerabilities affecting Wi-Fi Protected Access protocol standards", a Cisco spokesperson told ZDNet. Updated devices should be able to continue to communicate with devices that haven't had a patch installed, he said. Keys are meant to be unique and aren't re-usable. Additionally, the firmware of routers will need to be urgently updated when possible. Security researchers claim 41 percent of Android devices are vulnerable to an "exceptionally devastating" variant of the Wi-Fi attack that involves manipulating traffic, and it will take time to patch older devices.

More news: Samsung CEO to resign despite record Q3 earnings

TOP News

Game of Thrones' star Sophie Turner announces her engagement to Joe Jonas
Turner and Jonas have been dating since at least late a year ago , but have rarely been photographed at public events together. Fellow Game of Thrones' stars Kit Harington and Rose Leslie confirmed their engagement in September.

US Will Withdraw From Unesco, Citing Its 'Anti-Israel Bias'
The Israel controversy re-ignited this summer after UNESCO named Hebron's city center a Palestinian World Heritage Site . The state department said it would establish a time for the USA to Pull Out of UNESCO Amid Palestinian Tensions.

'Armageddon': Wildfires engulf 50k acres in California's wine country
In that blaze, 23,000 acres were burned, $36 million was done in damage, 65 structures were destroyed and 11 people were injured. Sonoma County resident John Dean was driving home early Monday when "I looked over and saw a house on fire" along the road.

Details of new Hamas-Fatah reconciliation deal to be announced this afternoon
Sticking points include control over the arsenal of Hamas' armed wing and the fate of thousands of Hamas public servants. An Egyptian source close to the talks said intelligence chief Khaled Fawzi had followed the negotiations closely.

Conor McGregor's Threat To Nate Diaz Ahead Of The Potential Trilogy Fight
There's a lingering trilogy fight with Nate Diaz, as well as an unsettled rivalry with retired boxing champion Paulie Mallignaggi. White added that McGregor is eyeing up a return to the Octagon before the year's end. "It's the fight that has to happen".

Did Kourtney Kardashian throw shade at Scott Disick's new relationship?
The dating rumours thickened after the Malibu trip, but she again took to Twitter and shared: The last time I'm gonna say it. Sofia Richie and Younes Bendjima are not on talking terms, it has been reported.

Kenya police shoot dead two during opposition protest: commissioner
Bondo police chief Paul Kiarie says three other protesters suffered gunshot wounds in Siaya County. In Kisumu city, local television showed running battles with stone-throwing youth.

States Sue Trump Admin Over ObamaCare Payments, More States to Join
Our coalition of states stands ready to sue if President Trump cuts them off. "The insurance companies have made a fortune". Becerra said it's unclear what will happen to a pending challenge to the Obamacare subsidies filed by House Republicans.

ALCS Game 1 preview: Astros hope Keuchel continues success vs. Yankees
Somewhat negating the Keuchel Effect for the Yankees is their youth movement and subsequently surprise run to the ALCS. Severino: In Game 2 , Luis Severino starts for the Yankees while Justin Verlander starts for the Astros.

Columbus Day 2017: What's open, what's closed on Monday, Oct. 9?
Salt Lake City officials declared Tuesday that they would keep Columbus Day but observe Indigenous Peoples Day on the same day. The Marist Poll surveyed 1,224 adults September 11-13, funded in partnership with the Knights of Columbus .