From Now On Your Mobile Phone WiFi Is At Risk (See HOW)
Thanks to a newly discovered security flaw, your home WiFi is completely hackable, giving cyber thieves a front row seat to everything from your private chats to your baby monitor. And there’s not much you can do about it — yet.
Bob Rudis, chief data scientist at Rapid7, a security data and analytics company, told NBC News this vulnerability was particularly troubling.
“When I woke up this morning and saw this one, I was taken aback,” he said.
Called Krack, the attack takes advantage of the four-way handshake, a process between a device and a router that has been around for 14 years and is designed to deliver a fresh, encrypted session each time you get online.
During the third step in the process, hackers can resend a key in such a way that it resets the encryption key to zero. Encryption is the process that makes your data unreadable to anyone who might intercept it.
With an unencrypted session, hackers are then free to spy on whatever you and your devices are doing on WiFi.
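A simplified model of the key-reinstallation problem described above, added here as an illustration and not taken from the researchers' or any vendor's code. The `Client` class, the SHA-256 keystream (a stand-in for the real Wi-Fi cipher) and the `patched` flag are assumptions made for the example; it models the packet-counter reset that accompanies a key reinstall, and shows that a client which refuses to reinstall a key it already holds does not repeat its keystream.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Toy stand-in for the real cipher: SHA-256 in counter mode over (key, nonce).
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical model of a Wi-Fi client's key-install logic (not real driver code)."""
    def __init__(self, ptk: bytes, patched: bool):
        self.ptk, self.patched = ptk, patched      # ptk: session key agreed in the handshake
        self.installed, self.nonce = None, 0

    def on_message3(self) -> None:
        if self.patched and self.installed == self.ptk:
            return  # key already in use: ignore the retransmission, keep the counter
        self.installed = self.ptk
        self.nonce = 0  # a (re)install starts the packet counter over

    def send(self, plaintext: bytes):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.installed, self.nonce, len(plaintext)))

P1, P2 = b"first frame  ", b"second frame "  # constructed sample frames, equal length

def run(patched: bool):
    """Send one frame, receive a retransmitted message 3, then send another frame."""
    c = Client(hashlib.sha256(b"constructed session key").digest(), patched)
    c.on_message3()
    n1, c1 = c.send(P1)
    c.on_message3()  # message 3 arrives a second time
    n2, c2 = c.send(P2)
    return n1, c1, n2, c2

def keystream_reused(patched: bool) -> bool:
    n1, c1, n2, c2 = run(patched)
    # Same key and same nonce give the same keystream, so c1 XOR c2 == P1 XOR P2.
    return n1 == n2 and xor(c1, c2) == xor(P1, P2)

if __name__ == "__main__":
    print("unpatched client reuses keystream:", keystream_reused(False))
    print("patched client reuses keystream:  ", keystream_reused(True))
```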
“The one saving grace is the attackers need to be within range of WiFi networks,” said Rudis. “But someone can sit outside your office or the apartment next door and do this attack from there.”
The Krack attack was discovered by researchers Mathy Vanhoef and Frank Piessens of KU Leuven in Belgium and was revealed on Monday.
It’s a common practice in the security world to notify vendors of an exploit before it is publicly released. On their website, the researchers said they notified vendors of the products they tested on July 14. After realizing they were dealing with a protocol weakness instead of a set of bugs, the duo alerted the United States Computer Emergency Readiness Team (CERT), which began contacting vendors in August.
CERT disclosed the exploit on Monday and included a list of vendors, when they were notified, and whether they are affected. As of Monday afternoon, many were listed as “unknown.”
It’s difficult to determine if any cyber criminals have used the exploit “in the wild” or are currently using it, the researchers said on their website. A demo video showed how they were able to use the attack to hack into an Android 6.0 smartphone.
Google, which develops the Android operating system, is aware of the issue and “will be patching any affected devices in the coming weeks,” a spokesperson said.
Robert Siciliano, CEO of IDTheftSecurity.com, told NBC News “it’s hard, if not impossible to say” if this attack has ever been used. However, given the amount of time the four-way handshake has been around, he believes it’s possible someone has used it.
“This vulnerability has been in existence, some say, for up to 14 years — which means that it’s entirely possible someone has already determined this flaw in the past and has exploited it,” he said.