A newly discovered flaw in the WPA2 protocol leaves all users’ data vulnerable to theft.
According to a recent discovery, a specific flaw in the popular WPA2 protocol makes every single device connected to Wi-Fi vulnerable to data theft.
A researcher from the Belgian University, KU Leuven, Mathy Vanhoef, recently discovered a serious vulnerability in the WPA2 protocol. The WPA2 protocol is widely used by all Wi-Fi networks and router manufacturers which encrypts your device’s communication with the Wi-Fi network.
Vanhoef recently published his findings in a detailed report which explained that malicious attackers can exploit these vulnerabilities using a key installation attack, or “Krack”.
According to Vanhoef, hackers can utilize this technique to intercept data and information that the user assumes to be encrypted. This method can easily be used steal sensitive information including login credentials, financial information, banking details, emails, etc.
Vanhoef emphasized that every single device that connects to Wi-Fi is vulnerable as the flaw lies in the Wi-Fi network itself, instead of individual devices or implementation. Essentially any device that can connect to Wi-Fi is at risk.
However, there are some steps required in the technique that could keep you safe.
According to Britain’s National Cyber Security Centre, the intended hacker has to be in close proximity of the targeted Wi-Fi network. In addition, the vulnerabilities would not affect connections to secure websites such as banking websites or online shopping. The agency stated that they are currently investigating Vanhoef’s report, and would update its safety guidelines as is required.
Users who use a Virtual Private Network (VPN) for online activity or frequent websites that have additional security measures in place, probably won’t have to fear attack.
Vanhoef has also urged users to update all devices that have the ability to connect to Wi-Fi as soon as the device manufacturer makes software updates or patches available.
Microsoft recently confirmed that they have released a patch to address the vulnerability. The company urged users to apply the update, to ensure protection against the flaw.
Apple has also stated that they acknowledge the problem and intend to make a patch available in the next few weeks.
In the case of users whose device manufacturers have no intention of releasing a security update, it is highly recommended to start using a VPN to ensure that all your online activity remains safe.