Spark warns of potential Wi-Fi hack to its customers

Image iStock

Image iStock

The good news (relatively speaking) is that the situation may not be as world-ending as was initially feared.

"Essentially, to guarantee security, a key should only be installed and used once", Vanheuf writes, "Unfortunately, we found this is not guaranteed by the WPA2 protocol".

It's at this point that for our United Kingdom readers I should point out that nonce means something quite different when it comes to cryptography. The Key Reinstallation Attacks allow anyone in close physical proximity to gain access.

Banking details, logins and credit card details are all at risk of being stolen, while the content of emails, chat messages, documents and images are exposed.

He says all devices that connect to Wi-Fi will need system upgrades, including computers, phones, printers and even some wireless speakers.

"Depending on the network configuration, it is also possible to inject and manipulate data, Vanhoef says".

In fact, the scope of the misuse of the above flaw is nearly endless given the ever-widening use of wireless internet in most spheres of our lives.

The protocol used by the majority of WiFi connections is vulnerable, allowing traffic to be exposed.


Beyond monitoring a network to steal or spy, hackers could also interrupt and affect the flow of information, he says.

During his investigations, Vanhoef discovered that Android, Apple, Linux and Windows users are all affected by some variant of the attacks.

Luckily, the WPA2 flaw doesn't affect secure websites, so your personal information should be safe if you limit your internet surfing to these sites.

The Krack attack can hit secure networks, which have a flaw in the "handshake" between device and router.

However, because this attack compromises the WPA2 protocol that both your wireless devices and wireless access point use, MAC filtering is not a particularly effective deterrent against this attack.

The full explanation digs into considerably greater technical detail, but the overarching theme is that this is potentially very bad.

That's probably not a viable option for most people, but if you're completely panic-stricken, then the only way to be completely safe is to avoid using Wi-Fi until you know your router has been patched.

The Wi-Fi Alliance, a group of companies that defines Wi-Fi standards and certifies products, said it will now test for the vulnerability as part of its certification process and provide a detection tool to any of its members. If initial reports are accurate that encryption bypass exploits are easy and reliable in the WPA2 protocol, it's likely attackers will be able to eavesdrop on nearby Wi-Fi traffic as it passes between computers and access points. The October security update addresses the vulnerability by changing how Windows verifies wireless group key handshakes. Google has already confirmed that it is aware of the issue and is working on a patch, and Apple and Microsoft will presumably do the same, as well as Linux purveyors.

Plus, notes Niemelä, even if a hacker was parked in front of your home, they would only be able to meddle with your web traffic if you're not using a secured connection such as HTTPS, when the little green lock is in your browser or on a VPN, a virtual private network that creates a protected tunnel for your web traffic.

Latest News