Every Wi-Fi connection is potentially vulnerable to an unprecedented security flaw that allows hackers to snoop on internet traffic, researchers have revealed.
The vulnerability is the first to be found in the modern encryption techniques that have been used to secure Wi-Fi networks for the last 14 years.
In theory, it allows an attacker within range of a Wi-Fi network to inject computer viruses into internet networks, and read communications like passwords, credit card numbers and photos sent over the internet.
The so-called “Krack” attack has been described as a “fundamental flaw” in wireless security techniques by experts. Apple, Android and Windows software are all susceptible to some version of the vulnerability, which is not fixed by changing Wi-Fi passwords. Tech companies have issued or are developing updates to fix it.
“It seems to affect all Wi-Fi networks, it’s a fundamental flaw in the underlying protocol, even if you’ve done everything right [your security] is broken,” said Alan Woodward of the University of Surrey’s Centre for Cyber Security.
“[It means] you can’t trust your network, you can’t assume that what’s going between your PC and router is secure.”
Most modern Wi-Fi networks have their traffic encrypted by a protocol known as WPA or WPA-2, which has existed since 2003 and until now has never been broken. This protects data as it travels from a computer or smartphone to a router, stopping hackers and spies from monitoring networks or injecting malicious code into the transfer.
Source: The Telegraph