Most people who use wifi to connect to the net are being urged to watch out because of a new cyber threat to wireless traffic.
Researchers in Belgium have told euronews that hackers can now potentially intercept encrypted data or infect websites by exploiting a security layer, but only if they’re in close proximity to the victim.
Mathy Vanhoef, a computer security expert at KU Leuven university, published his findings on Monday.
“We discovered this new vulnerability in the WPA2 protocol. This protocol is a technology used to protect and secure the data that you transmit over a wifi network. In this protocol, we found quite serious security fails, that hackers can abuse to decrypt, or undo the encryption that is being used. In other words they can steal sensitive data that we thought were safely secured.”
Vanhoef says the attack works by using a so-called “four-way handshake” starting from when the user puts in the correct wifi password, but there’s no need to panic.
“We discovered it ourselves, we notified the companies in advance so they could prepare updates to defend against these weakness before the attackers were able to execute any attacks,” said Vanhoef. “Right now, I don’t expect that it is being abused in practice because it takes quite a while to implement the attacks that could be carried out against victims. So this is an ideal period for users to update their devices before it will be exploited in the wild.”
The researchers have given the security flaw the codename Krack, that’s short for Key Reinstallation attaCK.
Britain and the United States’ respective cyber security centres have issued a warning in response to the weakness.