Skip to Content
Computing

A billion Wi-Fi devices suffer from a newly discovered security flaw

internet modem/router
internet modem/router
internet modem/routerPhoto by Webaroo on Unsplash

More than a billion internet-connected devices—including Apple's iPhone and Amazon's Echo—are affected by a security vulnerability that could allow hackers to spy on traffic sent over Wi-Fi.

The flaw, discovered by the cybersecurity firm ESET, effectively disarms the encryption used by a password-protected Wi-Fi network. This could let hackers watch the activity on the network as if it were wide open. But while this could mean victims are vulnerable to eavesdropping, software updates and other layers of security will likely prevent this attack from having catastrophic results.

Wh00ps: The vulnerability, dubbed Kr00k by researchers, affects devices with Wi-Fi chips by Broadcom and Cypress—used in a vast range of devices with wireless internet, including Apple, Google, and Samsung phones. But security updates have already been deployed to fix the issue, so the best advice is to make sure your computers, phones, and all internet-connected devices have the latest software and firmware.

Not good, not terrible: In a worst-case scenario, a significant amount of data would be exposed, including the websites you're visiting or messages you are sending. However, a lot of private communication on your Wi-Fi network should still be safe because of encryption used by websites themselves. So keep calm, salute the folks finding these problems, and carry on.

Deep Dive

Computing

Conceptual illustration of quantum computing circuity, in multiple colors
Conceptual illustration of quantum computing circuity, in multiple colors

Quantum computing has a hype problem

Quantum computing startups are all the rage, but it’s unclear if they’ll be able to produce anything of use in the near future.

winning team for Pwn2own 2022
winning team for Pwn2own 2022

These hackers showed just how easy it is to target critical infrastructure

Two Dutch researchers have won a major hacking championship by hitting the software that runs the world’s power grids, gas pipelines, and more. It was their easiest challenge yet.

child outside a destroyed residential building in Kiev
child outside a destroyed residential building in Kiev

Russia hacked an American satellite company one hour before the Ukraine invasion

The attack on Viasat showcases cyber’s emerging role in modern warfare.

A rescuers search for bodies under the rubble of a building destroyed by Russian shelling, amid Russia's Invasion of Ukraine, in Borodyanka, Kyiv region, Ukraine, April 11, 2022. (Photo by Sergii Kharchenko/NurPhoto via AP)
A rescuers search for bodies under the rubble of a building destroyed by Russian shelling, amid Russia's Invasion of Ukraine, in Borodyanka, Kyiv region, Ukraine, April 11, 2022. (Photo by Sergii Kharchenko/NurPhoto via AP)

Russian hackers tried to bring down Ukraine’s power grid to help the invasion

As Russia’s ground war stalls, hackers attempted to cause a blackout for two million people.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.