Another day, another internet warning.
According to the Wi-Fi Alliance©, an industry group, “Recently published research identified vulnerabilities in some Wi-Fi devices where those devices reinstall network encryption keys under certain conditions, disabling replay protection and significantly reducing the security of encryption.”
In other words, our wireless networks aren’t necessarily safe — even if we have them locked. Turns out the locks aren’t exactly tamper-proof and that the data that we send while using our wireless systems — whether in our homes or out in a cafe — are vulnerable.
You know the password you type in when you connect to new Wi-Fi network? For almost every device on the market, that transaction uses an encryption standard called WPA2, or Wi-Fi Protected Access II. It’s been the standard since 2006, but computer scientists have just proven that bad guys could hack into our WPA2-protected systems using something called a Krack — or Key Reinstallation — Attack. That means the joining a Wi-Fi system with a lock on it may not be any safer than using an open system like the one you log into at Starbucks.
While an attacker would have to be nearby — as opposed to hacking your Wi-Fi from across the world — Dr. Qiang Tang, a professor of computer science at the New Jersey Institute of Technology (NJIT) and a leading expert in cybersecurity, explains that the vulnerability isn’t just a matter of a few feet.
“It is pretty wide range,” he wrote us in an email. “People who are outside of the apartment or house can still receive Wi-Fi signals and in principle can eavesdrop on the communications. It not only affects the Wi-Fi in public places, most of which are not doing encryption anyway, it affects every Wi-Fi access point, including the ones in your home.”
How can you protect yourself? Tang says device makers will soon be issuing patches to fix the problem (Microsoft has already has), so “turn on the auto security updates for your computer” and you’ll get your device’s fix as soon as it’s ready. Meanwhile, he says, “Try to use a wired network for the computers, and a cellular network for the phones.”