By Maryam Adebayo
A newly uncovered vulnerability in the widely adopted Wi-Fi encryption protocol could expose millions of users to potential attacks, prompting alerts from both the US government and global security experts on Monday.
The US government’s Computer Emergency Response Team (CERT) issued a security advisory stating that the flaw in the encryption protocol known as WPA2 could allow attackers to intercept or manipulate data transmitted over wireless networks.
“The exploitation of these vulnerabilities could grant an attacker control over an affected system,” warned CERT, an agency within the US Department of Homeland Security.
The warning followed research conducted by computer scientists at KU Leuven in Belgium, who named the vulnerability KRACK (Key Reinstallation Attack). This flaw, according to Ars Technica, was kept under wraps for weeks to allow Wi-Fi system manufacturers to develop and release security patches.
Mathy Vanhoef, a researcher at KU Leuven, explained in a blog post that KRACK enables attackers to bypass the encryption “key” on Wi-Fi connections, potentially exposing previously secure information such as passwords, credit card numbers, and personal messages. The vulnerability could also be exploited to inject malware like ransomware into websites.
Vanhoef’s team emphasized that devices across various operating systems, including 41% of Android devices, are susceptible to KRACK.
Security experts expressed significant concern about the widespread impact of this vulnerability due to the prevalence of Wi-Fi networks and the challenges associated with patching millions of devices.
Rob Graham from Errata Security commented, “Wow. Everyone needs to be afraid,” highlighting the potential for attackers to decrypt a substantial amount of Wi-Fi traffic depending on network configurations.
Alex Hudson of Iron Group cautioned that while encryption on most websites should still protect internet browsing, many Internet-connected devices could remain vulnerable due to inadequate security measures.
F-Secure, a security firm based in Finland, echoed these concerns, noting that the issue affects virtually every Wi-Fi user worldwide and recommending precautions such as using virtual private networks (VPNs) and promptly updating devices and routers.
Despite the severity of the flaw, the Wi-Fi Alliance, which establishes wireless connection standards, advised against panic, encouraging users to stay informed about updates and security measures.
Overall, the KRACK vulnerability underscores longstanding worries about the security of Wi-Fi networks and the ongoing need for vigilance and swift action to mitigate potential risks.