WiFi isn’t safe: WPA2 Protocol broken by Belgian Researchers
The protocol used by the majority of WiFi connections is vulnerable, allowing traffic to be exposed.
WiFi connections aren’t safe. This isn’t a new statement; it’s advice security experts have given for years, and now, thanks to the work of Belgian researchers, it’s more true than ever. Mathy Vanhoef of Belgian university KU Leuven published a report on Monday detailing a flaw in the WPA2 protocol.
WPA2 stands for WiFi Protected Access II. It is meant to secure wireless computer networks but, per Vanhoef:
“Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on… the attack works against all modern protected wifi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
Later on, Vanhoef writes that if your device supports WiFi it’s probably affected. But for the record, this affects:
- Android
- Linux
- Apple
- Windows
- OpenBSD
- MediaTek
- Linksys
The flaw affects the protocol itself, not any specific device or software, so even a correct implementation can still be adversely affected.
How do I stay safe?
Well, we would already have recommended staying off public WiFi to begin with. But this doesn’t just affect public WiFi; it affects all WiFi. Fortunately, the attacker would need to be in close proximity to you in order to pull off an attack, which limits the potential quite a bit.
Still, if you’re going to use WiFi, we recommend SSH or – what we use ourselves – a VPN. Both of these can keep third parties from eavesdropping, manipulating information and causing other problems with your encryption.
Also, update your router. You’ve been neglecting those updates, haven’t you?