WiFi isn’t safe: WPA2 Protocol broken by Belgian Researchers
The protocol used by the majority of WiFi connections is vulnerable, allowing traffic to be exposed.
WiFi connections aren’t safe. This isn’t a new statement, it’s advice security experts have given for years, and now as a result of Belgian researchers, it’s more true than ever. Mathy Vanhoef of Belgian university KU Leuven published a report on Monday detailing a flaw in the WPA2 protocol.
WPA2 stands for WiFi Protected Access II. It is meant to secure wireless computer networks but, per Vanhoef:
“Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on… the attack works against all modern protected wifi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
Later on, Vanhoef writes that if your device supports WiFi it’s probably affected. But for the record, this affects:
The flaw affects the protocol itself, not any specific device or software, so it’s possible to have the correct implementations and still be adversely affected.
How do I stay safe?
Well, we already would have recommended staying off public WiFi to begin with. But this doesn’t just affect public WiFi, it affects all WiFi. Fortunately, the attacker would need to be in close proximity to you in order to pull off an attack. So that limits the potential quite a bit.
Still, if you’re going to use WiFi, we recommend SSH or – what we use ourselves – a VPN. Both of these can keep third parties from eavesdropping, manipulating information and causing other problems with your encryption.
Also, update your router. You’ve been neglecting those updates, haven’t you?
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018in Hashing Out Cyber Security
How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chromein Everything Encryption
Re-Hashed: How to Fix SSL Connection Errors on Android Phonesin Everything Encryption
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoidin ssl certificates
This is what happens when your SSL certificate expiresin Everything Encryption
Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Messagein Hashing Out Cyber Security
Report it Right: AMCA got hacked – Not Quest and LabCorpin Hashing Out Cyber Security
Re-Hashed: How to clear HSTS settings in Chrome and Firefoxin Everything Encryption
Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithmsin Everything Encryption
The Difference Between Root Certificates and Intermediate Certificatesin Everything Encryption
The difference between Encryption, Hashing and Saltingin Everything Encryption
Re-Hashed: How To Disable Firefox Insecure Password Warningsin Hashing Out Cyber Security
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settingsin Everything Encryption
The Ultimate Hacker Movies List for December 2020in Hashing Out Cyber Security Monthly Digest
Anatomy of a Scam: Work from home for Amazonin Hashing Out Cyber Security
The Top 9 Cyber Security Threats That Will Ruin Your Dayin Hashing Out Cyber Security
How strong is 256-bit Encryption?in Everything Encryption
Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3in Everything Encryption
How to View SSL Certificate Details in Chrome 56in Industry Lowdown
PayPal Phishing Certificates Far More Prevalent Than Previously Thoughtin Industry Lowdown