Researchers Say WiFi Vulnerability Impacts Nearly Everything
Researchers say they've found a serious gap in the WPA2 security protocol that can allow hackers to use key reinstallation attacks (KRACKs) to compromise most WiFi devices. The researchers say the method allows hackers to read encrypted information transiting via WiFi, including passwords, emails, photos, credit card numbers, and more. KRACKs can access nearly all WiFi traffic and, depending on the individual network safety configuration, insert code and alter data, such as send malware. The researchers claim the weakness is in the WiFi standard itself, and not in individual products, which is why the vulnerability is so widespread. Devices running Android, iOS, Linux, Windows, macOS, and other platforms are impacted. The U.S. Computer Emergency Readiness Team (US-CERT) agreed with the researchers' assessment and warned, "The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected." In other words, even if WiFi devices are being used properly, with passwords, they are still vulnerable. Google said it is aware of the issue and will patch the vulnerability in a future security update. The WiFi Alliance has not yet responded to the researcher's revelations.
Apr 12, 2018
Security Research Labs says Android phone makers often miss security patches but still tell owners the phones are up-to-date. Researchers Karsten Nohl and Jakob Lell examined the code of some 1,200 phones from more than a dozen phone makers for every security patch released during 2017.
Dec 14, 2016
Yahoo today disclosed that up to one billion user accounts were accessed by a third party in August 2013. The outside party was able to steal names, email addresses, phone numbers, dates of birth, hashed passwords, and some security questions/answers.
Jun 14, 2017
Facebook today updated its Safety Check feature by rounding out the set of tools found within. To start, it is now possible to start and/or support a fundraiser directly from within Safety Check.
Oct 12, 2018
Facebook today provided an update on last month's hack. The hackers used accounts under their control to access the tokens of some 400,000 users.