vlog

NOWCAST vlog News at 6am Weekday Mornings
Watch on Demand
Advertisement

A severe new security flaw affects every WiFi enabled device

Here's what you can do to stay safe
Eric Limer
Deputy Editor
A severe new security flaw affects every WiFi enabled device

Here's what you can do to stay safe

Advertisement
A severe new security flaw affects every WiFi enabled device

Here's what you can do to stay safe
Eric Limer
Deputy Editor
Security researchers have found severe flaws in the Wi-Fi Protected Access II protocol (WPA2), the security protocol most commonly used to secure your data as it travels across a WiFi network. A proof-of-concept attack dubbed "KRACK" could allow hackers to "steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos," and "works against all modern protected WiFi networks" according to the informational website set up by researcher Mathy Vanhoef.The actual details of the hack get a little bit technical, but essentially the attacker can manipulate the security handshake that Wi-Fi networks perform with devices that connect to them, stealing the numerical key that would otherwise encrypt the transmitted data. This allows attackers to effectively eavesdrop on any information a connected device sends across the compromised network. This vulnerability is particularly concerning because WPA2 protection is the most common and most advanced form of WiFi security available to the average person. Previous protocols, like Wired Equivalent Privacy (WEP) have been retired due to the ease with which they can be cracked. WEP passwords, for instance, can be cracked in a matter of minutes using widely available software. WPA2, first instituted in 2006, is the current, modern standard for WiFi security. There is some good news. The vulnerability is fixable with software updates to WiFi enabled devices. The WiFi Alliance, an organization helps make sure various wireless devices work well together, has a game plan to help raise awareness and facilitate testing and security updates for affected gadgets. And while these vulnerabilities allow attackers to breach networks, technologies like HTTPS and end-to-end encrypted apps and services like Signal and Whatsapp are designed to protect your privacy even when used over an untrusted network. So what should you do if you're concerned about your digital safety? First and foremost, update your phone, computer, or other devices when they receive security updates. In the meantime, and just generally if you want to be particularly safe, assume that any WiFi network you are using (especially public ones) may be compromised. Don't transmit any sensitive personal information (like credit card numbers, or important login credentials) unless you are using an app with end-to-end encryption or connected to a website via HTTPS—if your browser shows a little lock in the address bar and says "secure," you should be safe. Another extreme but reliable way to preserve your online privacy is to use a VPN, which will not only protect your sensitive data from eavesdroppers on a compromised WiFi network, but also from your ISP which has been cleared by congress to collect your data and sell it to advertisers. If you go down that route however, be very careful in choosing a VPN, because some sketchier services might rather sell you themselves out than actually protect your privacy. Security updates will certainly be coming soon. Many vendors were notified of these problems in late August. But patches don't always move quickly and there are always avenues for sophisticated and determined hackers. The best action you can take is to maintain good security practices and stay slightly, appropriately, paranoid.

Security researchers have found severe flaws in the (WPA2), the security protocol most commonly used to secure your data as it travels across a WiFi network. A proof-of-concept attack dubbed "" could allow hackers to "steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos," and "works against all modern protected WiFi networks" according to the .

The actual details of the hack get a little bit technical, but essentially the attacker can manipulate the security handshake that Wi-Fi networks perform with devices that connect to them, stealing the numerical key that would otherwise encrypt the transmitted data. This allows attackers to effectively eavesdrop on any information a connected device sends across the compromised network.

Advertisement

Related Content

This content is imported from YouTube. You may be able to find the same content in another format, or you may be able to find more information, at their web site.

This vulnerability is particularly concerning because WPA2 protection is the most common and most advanced form of WiFi security available to the average person. Previous protocols, like Wired Equivalent Privacy (WEP) have been retired due to the ease with which they can be cracked. WEP passwords, for instance, can be cracked in a matter of minutes using widely available software. WPA2, first instituted in 2006, is the current, modern standard for WiFi security.

There is some good news. The vulnerability is fixable with software updates to WiFi enabled devices. The WiFi Alliance, an organization helps make sure various wireless devices work well together, to help raise awareness and facilitate testing and security updates for affected gadgets. And while these vulnerabilities allow attackers to breach networks, technologies like HTTPS and end-to-end encrypted apps and services like Signal and Whatsapp are .

So what should you do if you're concerned about your digital safety? First and foremost, update your phone, computer, or other devices when they receive security updates. In the meantime, and just generally if you want to be particularly safe, assume that any WiFi network you are using (especially public ones) may be compromised. Don't transmit any sensitive personal information (like credit card numbers, or important login credentials) unless you are using an app with end-to-end encryption or connected to a website via HTTPS—if your browser shows a little lock in the address bar and says "secure," you should be safe.

vlog-TV

Another extreme but reliable way to preserve your online privacy is to use a VPN, which will not only protect your sensitive data from eavesdroppers on a compromised WiFi network, but also from your ISP . If you go down that route however, , because some sketchier services might rather sell you themselves out than actually protect your privacy.

Security updates will certainly be coming soon. Many vendors were notified of these problems in late August. But patches don't always move quickly and there are always avenues for sophisticated and determined hackers. The best action you can take is to maintain good security practices and stay slightly, appropriately, paranoid.

Top Picks

Nonprofit recovers 6,600 pounds of leftover food from NFL Draft
WWII veteran who served at Iwo Jima celebrates 102nd birthday
Mike Waltz is ninth major swap in President Trump's top team so far
Get the Facts: Providing context to some hot-button issues from Trump's first 100 days in office