Share

US warns of security flaw which can compromise Wi-Fi connections

Washington - The US government's computer security watchdog warned Monday of a security flaw in Wi-Fi encryption protocol which can open the door to attacks to eavesdrop on or hijack devices using wireless networks.

The disclosure by the government's Computer Emergency Response Team could potentially allow hackers to snoop on or take over millions of devices which use Wi-Fi.

The agency, part of the Department of Homeland Security, said the flaw was discovered by researchers at the Belgian university KU Leuven.

According to the news site Ars Technica, the discovery was a closely guarded secret for weeks to allow Wi-Fi systems to develop security patches. Attackers can exploit the flaw in WPA2 - the name for the encryption protocol - "to read information that was previously assumed to be safely encrypted," said a blog post by KU Leuven researchers.

"This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks.

"Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."

KRACK

The flaw was dubbed KRACK for Key Reinstallation AttaCK because it allows attackers to insert a new "key" on a Wi-Fi connection that keeps data private.

Security researchers said the newly discovered flaw was serious because of the ubiquity of Wi-Fi and the difficulty in patching millions of access points.

"Wow. Everyone needs to be afraid," said Rob Graham of Errata Security in a blog post.

"It means in practice, attackers can decrypt a lot of Wi-Fi traffic, with varying levels of difficulty depending on your precise network setup."

The Wi-Fi Alliance, an industry group which sets standards for wireless connections, said computer users should not panic.

"There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections," the group said in a statement.

"Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member."


SUBSCRIBE FOR FREE UPDATE: Get Fin24's top morning business news and opinions in your inbox.

Read Fin24's top stories trending on Twitter:

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.97
-0.2%
Rand - Pound
24.06
+0.2%
Rand - Euro
20.57
+0.1%
Rand - Aus dollar
12.35
+0.6%
Rand - Yen
0.13
+0.8%
Platinum
900.98
-0.2%
Palladium
1,000.76
-0.5%
Gold
2,153.55
-0.3%
Silver
24.91
-0.5%
Brent Crude
86.89
+1.8%
Top 40
65,669
-0.9%
All Share
71,900
-0.7%
Resource 10
52,931
-0.7%
Industrial 25
99,286
-1.2%
Financial 15
16,575
-0.3%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders