Researchers Say WiFi Vulnerability Impacts Nearly Everything
Researchers say they've found a serious gap in the WPA2 security protocol that can allow hackers to use key reinstallation attacks (KRACKs) to compromise most WiFi devices. The researchers say the method allows hackers to read encrypted information transiting via WiFi, including passwords, emails, photos, credit card numbers, and more. KRACKs can access nearly all WiFi traffic and, depending on the individual network safety configuration, insert code and alter data, such as send malware. The researchers claim the weakness is in the WiFi standard itself, and not in individual products, which is why the vulnerability is so widespread. Devices running Android, iOS, Linux, Windows, macOS, and other platforms are impacted. The U.S. Computer Emergency Readiness Team (US-CERT) agreed with the researchers' assessment and warned, "The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected." In other words, even if WiFi devices are being used properly, with passwords, they are still vulnerable. Google said it is aware of the issue and will patch the vulnerability in a future security update. The WiFi Alliance has not yet responded to the researcher's revelations.
Apr 12, 2018
Security Research Labs says Android phone makers often miss security patches but still tell owners the phones are up-to-date. Researchers Karsten Nohl and Jakob Lell examined the code of some 1,200 phones from more than a dozen phone makers for every security patch released during 2017.
Oct 12, 2018
Facebook today provided an update on last month's hack. The hackers used accounts under their control to access the tokens of some 400,000 users.
Aug 8, 2018
The Samsung Galaxy S7 has a serious security flaw, according to researchers from Austria’s Graz Technical University. A microchip security issue leaves the S7 open to Meltdown attacks.
Jan 9, 2018
The WiFi Alliance today said it is undertaking new efforts to secure the experience and use of WiFi. The organization plans to enhance the existing WPA2 standard to further reduce potential vulnerabilities.
Jan 16, 2018
OnePlus said it is taking customer complaints about compromised credit card data seriously and is investigating around the clock. Nearly 200 people who purchased products from OnePlus' web site reported fraudulent activity on their credit cards afterwards.