Researchers have published information about Krack, a newfound and serious weakness in WPA2 — the security standard that protects all modern Wi-Fi networks.
Belgian researchers Mathy Vanhoef and Frank Piessens, of KU Leuven University, disclosed the Krack bug in WPA2, which secures modern Wi-Fi systems used for wireless communication between mobile phones, laptops and other connected devices with Internet-connected routers or hot spots.
“If your device supports Wi-Fi, it is most likely affected,” they said on their website, which they set up to provide technical information about the flaw and methods hackers might use to attack vulnerable devices. It was not immediately clear how difficult it would be for hackers to exploit the bug, or if the vulnerability has previously been used to launch any attacks.
“It was only a matter of time before the WPA2 security breach came to light,” said Patrick Clover, founder and chief executive of the Edinburgh-based wifi management software firm BLACKBX. “For the last few years we have banked on the idea that a password on a box is enough to keep hackers at bay but the simple fact is – it’s not.
“The really difficult thing about this is that there are literally hundreds of thousands of businesses not properly equipped to deal with a security breach.
“For people and businesses wondering how they can protect themselves and their data, here are a few simple things to keep your Wi-Fi secure.
“The first is to invest in networking equipment and hire an external service provider to take network security off your hands and help ensure your Wi-Fi is safe.
“Other things that can be done include looking into any security upgrades for routers or connection points. Manufacturers have already started to release patches and upgrades so it’s worth seeing what’s available from your service provider. Investing in a network or in guest Wi-Fi management software can also add an extra layer of security.
“Updating your router firmware is a quick and easy way of ensuring security and can be done at most computer repair stores or IT service shops.”
Finnish security firm F-Secure said experts have long been cautious about Wi-Fi’s ability to withstand security challenges of the 21st century.
“But the worst part of it is that it’s an issue with Wi-Fi protocols, which means it affects practically every single person in the world that uses Wi-Fi networks,” it said.
Security commentator Brian Krebs has more background on the flaw.
The Wi-Fi Alliance, an industry group that represents hundreds of Wi-Fi technology companies, said the issue “could be resolved through a straightforward software update”.
The group said it had advised members to release patches for the Krack flaw quickly and recommended that consumers quickly install those security updates.
Microsoft said it had released a security update for Windows. Customers who applied the update, or had automatic updates enabled, would be protected, it said.