Washington, DC - The protocol used by the majority of WiFi connections is vulnerable, allowing traffic to be exposed.
WiFi connections aren’t safe. This isn’t a new statement, it’s advice security experts have given for years, and now as a result of Belgian researchers, it’s more true than ever. Mathy Vanhoef of Belgian university KU Leuven published a report on Monday detailing a flaw in the WPA2 protocol.
WPA2 stands for WiFi Protected Access II. It is meant to secure wireless computer networks but, per Vanhoef:
“Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on… the attack works against all modern protected wifi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
Later on, Vanhoef writes that if your device supports WiFi it’s probably affected. But for the record, this affects:
- Android
- Linux
- Apple
- Windows
- OpenBSD
- MediaTek
- Linksys
The flaw affects the protocol itself, not any specific device or software, so it’s possible to have the correct implementations and still be adversely affected.
How do I stay safe?
Well, we already would have recommended staying off public WiFi to begin with. But this doesn’t just affect public WiFi, it affects all WiFi. Fortunately, the attacker would need to be in close proximity to you in order to pull off an attack. So that limits the potential quite a bit.
Still, if you’re going to use WiFi, we recommend SSH or – what we use ourselves – a VPN. Both of these can keep third parties from eavesdropping, manipulating information and causing other problems with your encryption.
Also, update your router. You’ve been neglecting those updates, haven’t you?