Your Wi-Fi Is Vulnerable to Attacks – Update Your Devices to Fix This
A serious Wi-Fi vulnerability was discovered today affecting almost all Wi-Fi networks and devices using WPA or WPA2 encryption. The Wi-Fi exploit, first reported by Ars Technica , exploits a specific security flaw in the WPA2 wireless security standard, allowing attackers to intercept personal data as well as inject malware into websites visited by the user. Attackers could potentially gain access to encrypted information such as usernames, passwords, and credit card information. Fortunately, companies are already patching the vulnerability to prevent a possible hack, but you will need to do a little work on your part and update your devices.
The KRACK (short for Key Reinstallation Attacks) vulnerability causes the wireless access point to reuse the encryption key it uses, allowing an attacker to decrypt and read data that should have been encrypted. “Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others are susceptible to one or another attack,” said the researchers who discovered the vulnerability.
How to fix it
The easiest way to protect yourself? Update your device, that is, wait for the manufacturer to do it. On October 10, Microsoft already released a software update for supported versions of Windows, addressing the vulnerability before it affected anyone. According to 9to5Mac, Apple says it has fixed the issue in future updates for its products. We’ve been contacted to find out when the fixes will be released.
The United States Computer Emergency Preparedness Team ( US-CERT ) has compiled a list of manufacturers that have been notified of the vulnerability and whether they have provided information on updated devices. Be sure to check if your wireless router manufacturer is listed and update by following their instructions.
As always, you should stay away from public Wi-Fi if you can help, and continue to use WPA2 encryption on your devices as it is still the most secure option available.
Updated at 5:00 PM ET, 10/16/17 ET: Apple has confirmed that a fix for the vulnerability will be released “within the next few weeks.”