19:33 16 October 2017
Every WiFi connection is potentially vulnerable to an unprecedented ‘Krack’ hacking attack. Researchers said that hackers can take advantage of the security flaw, which is the first to be found in the authentication system that has been in use to secure WiFi networks for the last 14 years, to snoop on internet traffic.
Experts said that the major flaw could leave the majority of connections at risk until they are patched. They said that Apple, Android and Windows software are all susceptible to some version of the vulnerability. However, they added that the flaw is ‘exceptionally devastating’ for Android 6.0 and above as well as Linux.
A spokesperson for Google said that they are aware of the issue and that they are going to patch all affected devices in coming weeks.
Most modern WiFi networks use WPA or WPA-2 to encrypt the traffic that goes through them. This system has been in use since 2003 and until now, it has never been broken. This stops hackers from monitoring networks or injecting malicious code into the transfer. However, connecting to a secure network involves a four-way “handshake” between a router and a device. Experts have found a way to install a new ‘key’ to encrypt the communications onto the network. This can allow hackers to access the data.
The US Computer Emergency Readiness Team (Cert) has issued a warning on the flaw.
"US-Cert has become aware of several key management vulnerabilities in the four-way handshake of wifi protected access II (WPA2) security protocol," it said.
"Most or all correct implementations of the standard will be affected."