Secure Wi-Fi Networks Everywhere Are Wide Open to Hacks, Thanks to a Newly Discovered Security Flaw
Your wireless network isn’t as safe as you thought it was.
Security researcher Mathy Vanhoef has discovered a serious flaw, which he’s calling KRACK, in the WPA2 protocol that secures almost every modern Wi-Fi network. The vulnerability could allow hackers to inject malware into websites, or spy on people by reading information that was until now assumed to be encrypted.
The flaw exists in the verification process that’s carried out when users join a protected Wi-Fi network using a password they’ve been given. At that point, the WPA2 protocol gives the user an encryption key that’s used to scramble data being sent across the connection. That encryption key, along with some other numbers, is supposed to be used just once.
But numbers used by the protocol can sometimes be reused, and Vanhoef has shown that it’s possible to forcibly obtain them and reverse-engineer the system to decrypt transmitted data.
Vanhoef says that “any correct implementation of WPA2 is likely affected,” which means “any device that uses Wi-Fi is likely vulnerable.” Android, Apple, and Windows software is all said to be affected by KRACK attacks on some level.
The Wi-Fi alliance, which certifies Wi-Fi devices, says “there is no evidence that the vulnerability has been exploited maliciously.” It also adds that the issue “can be resolved through straightforward software updates.” Now, we just need to wait for those software updates to arrive.
Geoffrey Hinton tells us why he’s now scared of the tech he helped build
“I have suddenly switched my views on whether these things are going to be more intelligent than us.”
Meet the people who use Notion to plan their whole lives
The workplace tool’s appeal extends far beyond organizing work projects. Many users find it’s just as useful for managing their free time.
Learning to code isn’t enough
Historically, learn-to-code efforts have provided opportunities for the few, but new efforts are aiming to be inclusive.
Deep learning pioneer Geoffrey Hinton has quit Google
Hinton will be speaking at EmTech Digital on Wednesday.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.