All Wi-Fi Networks Reportedly Vulnerable To Hacking

Security experts warn that all Wi-Fi networks are vulnerable to hacking after a Belgian researcher managed to break through a protective security protocol implemented in most of the world’s routers.

Whilst unsurprising, given all the major hacks that have happened lately (Yahoo, Equifax, HBO), confirming it still makes us all feel a little uneasy.

The researcher, Mathy Vanhoef, was studying the WPA2 security protocol used in wireless networks when he came across the vulnerability, and the result means that all devices that have a Wi-Fi connection could be affected by the weakness.

Vanhoef’s findings mean that any router that uses WPA2 Wi-Fi will reportedly carry the flaw, rather than any specific device made by a particular manufacturer or model.

Vanhoef gave this warning:

“We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs)… The attack works against all modern protected Wi-Fi networks.”

All modern routers reportedly use the ‘4-way’ handshake to verify the credentials of the person wanting to access a protected Wi-Fi network against the server’s password. The 4-way handshake creates a fresh encryption key to encrypt data each time someone new joins the network. The key reinstallation attack is “achieved by manipulating and replaying cryptographic handshake messages,” meaning attackers can essentially deceive users into reinstalling a key that has already been used, allowing the hacker to attack the encryption protocol.

This vulnerability that reportedly affects most of the world’s routers could allow hackers to get in between the Wi-Fi traffic exchanged between devices using the same connection. As most laptops, tablets, printers and other mobile devices use the same wireless access point, hackers could infiltrate the connection and steal private information.

Working with Belgian University KU Leuven, Vanhoef warns that hackers can use this method of attack to steal sensitive information that was “previously assumed to be safely encrypted“, including financial information, login details, online messages, e-correspondence, digital photographs etc.

It’s not just information being taken that’s worrying; hackers who get in could inject harmful malware, and hold your data for ransom!

However, the one good news is that the hackers wanting to expose this vulnerability must be physically close by. Britain’s National Cyber Security Centre produced a statement emphasising the need for physical proximity. It also notes that the potential weakness “would not compromise connections to secure websites, such as banking services or online shopping,” – i.e. websites that usually have a padlock icon in the URL bar.

Publication of the report must have reached Apple, Google, Microsoft etc. We now rely on them to keep producing up-to-date software to patch up these vulnerabilities. However, security research fellow at UCL, Dr Steven J Murdoch, warns that “many manufacturers do not fix vulnerabilities in their products which they are not actively marketing.” This could mean that users of older or less popular devices could be left in the dark with no one to check up on security protection.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.