Hackers Krack Wi-Fi
Every Wi-Fi connection is potentially vulnerable to an unprecedented security flaw that allows hackers to snoop on internet traffic, researchers have revealed.
In theory, it allows an attacker within range of a Wi-Fi network to inject computer viruses into internet networks, and read communications like passwords, credit card numbers and photos sent over the internet.
The "Krack" attack has been described as a "fundamental flaw" in wireless security techniques by experts. Apple, Android and Windows software are all susceptible to some version of the vulnerability, which is not fixed by changing Wi-Fi passwords.
"It seems to affect all Wi-Fi networks. It's a fundamental flaw in the underlying protocol. Even if you've done everything right, [your security] is broken," said Alan Woodward of the University of Surrey's Centre for Cyber Security.
"[It means] you can't trust your network; you can't assume that what's going between your PC and router is secure."
Most modern Wi-Fi networks have their traffic encrypted by a protocol known as WPA or WPA-2, which has existed since 2003 and until now has never been broken. This protects data as it travels from a computer or smartphone to a router, stopping hackers and spies from monitoring networks or injecting malicious code into the transfer.
Connecting to a secure network involves a four-way "handshake" between a device and a router to ensure that nobody else can decrypt the traffic. Researcher Mathy Vanhoef of the University of Leuven in Belgium found a way to install a new "key" used to encrypt the communications onto the network, allowing a hacker to gain access to the data.
The attack cannot be carried out remotely; an attacker would have to be in range of a Wi-Fi network to carry it out. It would also not work on secured websites - those that use https at the start of their web address instead of http.
Woodward said the only way to fix the flaw would be to manually replace or patch every router in people's homes. He said that while the attack was not technically easy, tools would soon spring up allowing criminals to carry out the attack.
Krack attack - what to do about it
Make sure you have a password on your Wi-Fi network. If you don't, you're at risk of all kinds of attacks.
Try not to connect to unsecured Wi-Fi networks - these are often seen in hotels, coffee shops and other public spaces. You can tell if a network is secure by a little padlock next to it when you're selecting the network.
The Krack attack affects secure networks, relying on a flaw in the "handshake" between device and router to insert a new "key" that can decrypt communications, potentially stealing passwords and credit card data.
Most banking and online shopping websites use https, an encryption technique that protects you from this flaw. You can check by the little padlock in the top left of the screen by the address bar.
The best thing you can do is update your router. Check who makes your router and try their website to find out how to patch it. Updates may not yet be available.
Security experts say that in the meantime, if you're concerned you should use a "virtual private network" (VPN) such as NordVPN or TunnelBear.
- The Daily Telegraph