Most people feel safer at home than anywhere else in the world. While there’s always a risk of theft at any house, you probably don’t worry about having your technology hacked, but experts are saying that the possibility is now very real. For many years, wireless internet connections within homes have relied on the same security protocol to keep them safe, but that barrier has now been broken.
Mathy Vanhoef, a security expert from Belgium’s KU Leuven, pointed out that the protocol’s security had been compromised by a weakness that hadn’t been exploited before. “Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” he said. “This can be used to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.”
How do you know if your home wi-fi system is at risk? It turns out that pretty much everybody is prone to having their information stolen. “If your device supports wi-fi, it is most likely affected,” Vanhoef says. This includes all smartphones that run on Android or Apple systems, as well as computers that run on Windows and use wireless internet through Linksys or MediaTek. “In general, any data or information that the victim transmits can be decrypted,” Vanhoef said.
Attackers are even able to see your browsing history, Vanhoef warns. “Depending on the device being used and the network setup, it is also possible to decrypt data sent towards the victim.”
The attack is called KRACK, which stands for Key Reinstallation Attacks, and it breaks the WPA2 protocol that’s used in most wi-fi connections. The United States Computer Emergency Readiness Team knows about the attack, and has said that “The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection and others.” Sources have said that the strength of a wi-fi password has no effect on whether or not you can be hacked, and some are saying that wi-fi should be avoided altogether.
Another way to help protect yourself is to keep your technology updated. “For ordinary home users, your priority should be updating clients such as laptops and smartphones,” Vanhoef said. Experts also say that the attack has actually been ongoing, and that the threat has been present for longer than they can even predict. Most people haven’t been affected because of a few factors.
For starters, Vanhoef says that “The attack would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites, such as banking services or online shopping.” This means that someone with the knowledge to exploit the connection would only be able to get certain information, and most people wouldn’t be exposed to such targeting.
Vanhoef added that “We are examining the research and will be providing guidance if required. Internet security is a key NCSC priority and we continuously update our advice on issues such as wi-fi safety, device management and browser security.” Alex Hudson (Chief Technical Officer) of Iron reiterated that remaining calm is important. “There is a limited amount of physical security already on offer by wi-fi: an attack needs to be in proximity,” he said. “So, you’re not suddenly vulnerable to everyone on the internet. It’s very weak protection, but this is important when reviewing your threat level.”
Hudson added that “Additionally, it’s likely that you don’t have too many protocols relying on WPA2 security. Every time you access an HTTPS site…your browser is negotiating a separate layer of encryption. Accessing secure websites over wi-fi is still totally safe. Hopefully – but there is no guarantee – you don’t have much information going over your network that requires (solely) the encryption WPA2 provides.”
With that in mind, it’s best to keep an eye on what type of protection you’re using, and always have a concern for internet safety without being overly worried. Hudson says that “You shouldn’t be trusting one single point of failure for all your security. Don’t rely on just your wi-fi, use a VPN or secure connection for anything important.”
There have been similar exposures in internet security systems in the past, but nothing quite as blatant as this one, which is being considered by some to be a cyber-attack. Though many of the victims will be targeted personally in this exposure, always make sure to check your accounts where security is of the utmost importance to keep your data private. Companies will continue to roll out updates to fight off these attackers, so don’t keep hitting the “delay” button on these updates if you want to keep private information out of the public forum.