Critical Wi-Fi Security Flaw Leaves Communications Exposed to Eavesdroppers

Be careful what you send over Wi-Fi. 

Justin Sullivan/Getty Images

It might be time to pull out your old Ethernet cords. Security researchers have discovered critical vulnerabilities in Wi-Fi connections that could allow cyber attackers to eavesdrop on internet traffic by infecting networks with computer viruses. This leaves passwords, credit card numbers, emails, photos, and other communications you transmit through the internet potentially exposed to malicious actors.

The project that uncovered the flaw, called KRACK (short for “Key Reinstallation Attacks”), is based at KU Leuven, a Belgian university. Researchers there were able to poke holes in the WPA2 security protocol, which is the most common method of protecting Wi-Fi connections through the use of encryption keys. This is the first time that the protocol has been cracked since its release in 2003.

The researchers say that Apple, Windows, Android, and Linux devices are at risk. They mentioned that Android users are in particular danger as 41 percent of the devices are susceptible to an “exceptionally devastating” attack that can exploit their traffic. There is already a software update that should fix the security gap for Windows users, Microsoft told the Verge. Google has also told the publication that it will release a patch “in the coming weeks.”

US-CERT, the Department of Homeland Security’s computer emergency team, issued a statement:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

If you’re worried about the security of your Wi-Fi connection, the best thing to do now is to make sure you’re keeping up to date on all of your software security patches. Changing your Wi-Fi password won’t help, but you can look for other security protocols or find a reliable VPN. Or else there’s always your trusty Ethernet cord.