Researchers Say WiFi Vulnerability Impacts Nearly Everything
Researchers say they've found a serious gap in the WPA2 security protocol that can allow hackers to use key reinstallation attacks (KRACKs) to compromise most WiFi devices. The researchers say the method allows hackers to read encrypted information transiting via WiFi, including passwords, emails, photos, credit card numbers, and more. KRACKs can access nearly all WiFi traffic and, depending on the individual network safety configuration, insert code and alter data, such as send malware. The researchers claim the weakness is in the WiFi standard itself, and not in individual products, which is why the vulnerability is so widespread. Devices running Android, iOS, Linux, Windows, macOS, and other platforms are impacted. The U.S. Computer Emergency Readiness Team (US-CERT) agreed with the researchers' assessment and warned, "The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected." In other words, even if WiFi devices are being used properly, with passwords, they are still vulnerable. Google said it is aware of the issue and will patch the vulnerability in a future security update. The WiFi Alliance has not yet responded to the researcher's revelations.
Google Gives Nexus Phones Access to WiFi Assistant
Google this week made its WiFi Assistant feature available to all Nexus devices. The tool is a direct carryover from Google's Project Fi.
C Spire Boosts WiFi Hotspot Access for iPhones
C Spire Wireless today expanded its WiFi On service to iOS devices, allowing its iPhone customers to more easily connect to some 20 million WiFi hotspots around the country. The WiFi On app is already available to Android handsets.
WiFi Alliance Promises Faster WiFi Is On the Horizon
The WiFi Alliance today announced an expansion of its WiFi Certified ac program in an attempt to boost the speed and capacity of WiFi routers and other WiFi-equipped devices. Specifically, devices won't receive WiFi Certified ac status unless they make improvements to several core functions.
Google Issues Android Security Patch
Google today pushed out a security update to devices running Android 6.0 Marshmallow. Google said the most urgent issue pertained to "a critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files." Google says, to its knowledge, none of these weaknesses have been exploited.