The wi-fi connections of homes and businesses around the world are at risk, according to researchers who have revealed a major flaw, dubbed Krack.
It concerns an authentication system which is widely used to secure wireless connections. The weakness was discovered in the wireless security protocol WPA2.
The security protocol used to protect the vast majority of Wi-Fi connections has been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks, according to the researcher who discovered the weakness.
By accessing these networks, cyber criminals can clearly read information which is being shared over Wi-Fi networks. From this, personal information such as banking details, chat messages and passwords can be viewed by the hackers.
Experts said it could leave "the majority" of connections at risk until they are patched.
- Consider using a VPN to ensure a secure connection to Wi-Fi networks which cannot be hacked into.
- You can also get a secure connection by using 3G and 4G connections.
- Stick to secured websites (look for HTTPS within the address bar) when entering ANY personal details over a Wi-Fi network.
The researcher emphasised that “the attack works against all modern protected wifi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject Ransomware or other malware into websites.”
The vulnerability affects a number of operating systems and devices, the report said, including Android, Linux, Apple, Windows and others.
Britain’s National Cyber Security Centre said in a statement it was examining the vulnerability. “Research has been published today into potential global weaknesses to wifi systems. The attacker would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites, such as banking services or online shopping.
“We are examining the research and will be providing guidance if required. Internet security is a key NCSC priority and we continuously update our advice on issues such as wifi safety, device management and browser security.”
Importantly, the attack is unlikely to affect the security of information sent over a network that is protected in addition to the standard WPA2 encryption. This means connections to secure websites are still safe, as are other encrypted connections such as virtual private networks (VPN).