In a shocking revelation, WPA2 wireless security, used by virtually all wi-fi devices, was discovered to contain a flaw which can expose all data transmitted over the connection
Details regarding a flaw in the WPA2 wireless security standard have been leaked ahead of the scheduled publication date, effectively shortening the period during which time device manufacturers can prepare patches, and placing additional pressure on users to apply patches to affected devices before attacks can be launched by hackers. The research paper was discovered and reported on earlier today by the Ars Technica website.
Establishment of a wireless connection requires a complex series of “handshaking” steps between devices. The researcher discovered that one of these steps – the transmission of the password – can be disrupted, forcing the devices to agree amongst themselves to use no password. Hackers may be able to cause this disruption, forcing communications to become accessible to a nearby snooping device.
Affected devices include wireless routers, tablets, phones, laptop computers, wireless printers, smart TV’s and any other device with wireless capability. In addition to being able to monitor communications, hackers may also be able to use the flaw to inject malware such as ransomware into the information you receive from legitimate websites.
The only solution to this issue is to disable wireless access from your router and to stop using your wireless devices until they can be patched. It is unclear whether patches will be made available in a timely fashion for older devices (such as routers and older cell phones).
All operating systems may be affected by this flaw, but the researcher indicates that Android and Linux devices are particularly vulnerable due to their open software standards.
You are encouraged to contact the manufacturers of your wireless-capable devices and attempt to acquire updates. If you suspect your communications have been compromised due to this flaw, please contact me, or your preferred security professional.
Jack Eisenberg is the owner of Safe and Secure Computing and regularly monitors cyber security developments such as this one.