Researchers Say WiFi Vulnerability Impacts Nearly Everything
Researchers say they've found a serious gap in the WPA2 security protocol that can allow hackers to use key reinstallation attacks (KRACKs) to compromise most WiFi devices. The researchers say the method allows hackers to read encrypted information transiting via WiFi, including passwords, emails, photos, credit card numbers, and more. KRACKs can access nearly all WiFi traffic and, depending on the individual network safety configuration, insert code and alter data, such as send malware. The researchers claim the weakness is in the WiFi standard itself, and not in individual products, which is why the vulnerability is so widespread. Devices running Android, iOS, Linux, Windows, macOS, and other platforms are impacted. The U.S. Computer Emergency Readiness Team (US-CERT) agreed with the researchers' assessment and warned, "The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected." In other words, even if WiFi devices are being used properly, with passwords, they are still vulnerable. Google said it is aware of the issue and will patch the vulnerability in a future security update. The WiFi Alliance has not yet responded to the researcher's revelations.
Oct 12, 2018
Facebook today provided an update on last month's hack. The hackers used accounts under their control to access the tokens of some 400,000 users.
Apr 12, 2018
Security Research Labs says Android phone makers often miss security patches but still tell owners the phones are up-to-date. Researchers Karsten Nohl and Jakob Lell examined the code of some 1,200 phones from more than a dozen phone makers for every security patch released during 2017.
Jan 9, 2018
The WiFi Alliance today said it is undertaking new efforts to secure the experience and use of WiFi. The organization plans to enhance the existing WPA2 standard to further reduce potential vulnerabilities.
Mar 30, 2018
Under Armour says the data of about 150 million people was taken from its MyFitnessPal app and web site. MyFitnessPal is a popular tool for managing diet and exercise.
Jul 3, 2018
Researchers have recently discovered a new security vulnerability affecting all 4G LTE networks. The so-called "aLTEr" attack could allow someone nearby to send your phone's browser to a web site different than the one requested, impersonating your bank's web site, for example.