Researchers have published information about Krack, a newfound and serious weakness in WPA2 — the security standard that protects all modern Wi-Fi networks.
Belgian researchers Mathy Vanhoef and Frank Piessens, of KU Leuven University, disclosed the Krack bug in WPA2, which secures modern Wi-Fi systems used for wireless communication between mobile phones, laptops and other connected devices with Internet-connected routers or hot spots.
“If your device supports Wi-Fi, it is most likely affected,” they said on their website, which they set up to provide technical information about the flaw and methods hackers might use to attack vulnerable devices. It was not immediately clear how difficult it would be for hackers to exploit the bug, or if the vulnerability has previously been used to launch any attacks.
“It was only a matter of time before the WPA2 security breach came to light,” said Patrick Clover, founder and chief executive of the Edinburgh-based wifi management software firm BLACKBX. “For the last few years we have banked on the idea that a password on a box is enough to keep hackers at bay but the simple fact is – it’s not.
“The really difficult thing about this is that there are literally hundreds of thousands of businesses not properly equipped to deal with a security breach.
“For people and businesses wondering how they can protect themselves and their data, here are a few simple things to keep your Wi-Fi secure.
“The first is to invest in networking equipment and hire an external service provider to take network security off your hands and help ensure your Wi-Fi is safe.
“Other things that can be done include looking into any security upgrades for routers or connection points. Manufacturers have already started to release patches and upgrades so it’s worth seeing what’s available from your service provider. Investing in a network or in guest Wi-Fi management software can also add an extra layer of security.
“Updating your router firmware is a quick and easy way of ensuring security and can be done at most computer repair stores or IT service shops.”
Finnish security firm F-Secure said experts have long been cautious about Wi-Fi’s ability to withstand security challenges of the 21st century.
“But the worst part of it is that it’s an issue with Wi-Fi protocols, which means it affects practically every single person in the world that uses Wi-Fi networks,” it said.
Security commentator Brian Krebs has more background on the flaw.
The Wi-Fi Alliance, an industry group that represents hundreds of Wi-Fi technology companies, said the issue “could be resolved through a straightforward software update”.
The group said it had advised members to release patches for the Krack flaw quickly and recommended that consumers quickly install those security updates.
Microsoft said it had released a security update for Windows. Customers who applied the update, or had automatic updates enabled, would be protected, it said.
Related posts
Interviews
Comment
Please mind the gap… or healthcare may fall
Imagine sharing a lengthy train journey with others. From beginning to end, imagine how often you might hear ‘mind the gap’ messages about embarking and disembarking safely. Picture how navigating…
Women Lead: My journey from Dragons’ Den to Silicon Valley
Following her appearance on Dragons’ Den, Sheila Hogan, serial entrepreneur, founder and chief executive of digital legacy vault, Biscuit Tin, shares her experience of her time in the Den and…
Look anywhere – the future is ‘aged tech’. But Scotland needs to be more adventurous
Scottish Care, as the representative body of independent social care providers of care home, care at home and housing support services, has been working over several years with colleagues in…
Women Lead: Engineer turned entrepreneur
We are always fascinated by other people’s stories. It’s how we connect, grow and learn from each other. Until very recently I always felt like I didn’t have a story to tell. Who…
‘Women – together we will change the dynamic in tech’
I was inspired to start a career in technology when personal computers were in their infancy and the internet decades away. My childhood dream of becoming a scientist was shaped by…
It’s time to change the future of tech apprenticeships – and we need your help
In his latest exclusive column for Futurescot, Ross Tuffee, chair of the Skills Development Scotland (SDS) Digital Economy Skills Group, calls on tech employers to get involved in shaping the…
What AI difference a year makes
Amazingly, it’s been one year since the publication of Scotland’s AI Strategy. And what a year it has been. Demanding but rewarding, with good progress made and great foundations laid…
International Women’s Day: It’s time to harness power of women in technology
As we celebrate International Women’s Day, I hope to be part of a future where barriers that prevent women from competing on a level playing field in the work environment…