Researchers uncover flaw that makes Wi-Fi vulnerable to hacks

A wifi logo is pictured during the 2014 Mobile World Congress in Barcelona on February 26, 2014. FILE PHOTO | AFP

What you need to know:

  • Belgian researchers Mathy Vanhoef and Frank Piessens of Belgian university KU Leuven disclosed the bug in WPA2
  • It was not immediately clear how difficult it would be for hackers to exploit the bug, or if the vulnerability has previously been used to launch any attacks.
  • The Wi-Fi Alliance, an industry group that represents hundreds of Wi-Fi technology companies, said the issue “could be resolved through a straightforward software update”.

Cyber security watchdogs and researchers are issuing warnings over risks associated with a widely used system for securing Wi-Fi communications after the discovery of a flaw that could allow hackers to read information thought to be encrypted, or infect websites with malware.

Belgian researchers Mathy Vanhoef and Frank Piessens of Belgian university KU Leuven disclosed the bug in WPA2, which secures modern Wi-Fi systems used by vendors for wireless communications between mobile phones, laptops and other connected devices with Internet-connected routers or hot spots.

READ: Deloitte hacked, says 'very few' clients affected

“If your device supports Wi-Fi, it is most likely affected,” they said on the www.krackattacks.com website, which they set up to provide technical information about the flaw and methods hackers might use to attack vulnerable devices.

It was not immediately clear how difficult it would be for hackers to exploit the bug, or if the vulnerability has previously been used to launch any attacks.

Finnish security firm F-Secure said experts have long been cautious about Wi-Fi’s ability to withstand security challenges of the 21st century.

“But the worst part of it is that it’s an issue with Wi-Fi protocols, which means it affects practically every single person in the world that uses Wi-Fi networks,” it said on its website.

READ: Strengths and weaknesses of Cybercrimes Bill

Security update

Microsoft Corp said it had released a security update for Windows. Customers who applied the update, or had automatic updates enabled, would already be protected, it said in a statement emailed to Reuters.

CERT New Zealand and CERT India asked users to apply security updates. CERT NZ suggested using ethernet cables and to connect directly into the network, when possible.

"Given the complexity of updating smart devices such as mobile phones, CERT NZ also strongly recommends disabling Wi-Fi when it isn't required," it said in its advisory.

READ: War on cybercrime goes beyond creating awareness

The Wi-Fi Alliance, an industry group that represents hundreds of Wi-Fi technology companies, said the issue “could be resolved through a straightforward software update”.

The group said in a statement it had advised members to release patches quickly and recommended that consumers quickly install those security updates.

PAYE Tax Calculator

Note: The results are not exact but very close to the actual.

Get it First!

Stay up to date on the editors' picks of the week.

Latest

  1. AFP_347Q3FF

    Electric vehicle firms seek a waiver of 15 taxes on components

  2. Washington Akumu

    Washington Akumu: Gentle giant who stretched the limits of business journalism  

  3. Kenya third best in Africa for immigrants targeting top pay

In the headlines

View All