Google and Apple have promised to update the software that caused severe flaws in Wi-Fi home technology networks, leading to one of the biggest security scares of the year.
Computer security experts were on high alert yesterday after it emerged encryption algorithms designed to protect people’s privacy online have been cracked.
The incident, described as ‘unprecedented’, led technology companies to rapidly issue updates – although it seems many could have known about it for weeks.
Google and Apple have promised to update the software that caused severe flaws in Wi-Fi home technology networks (stock image)
News of the vulnerability, known as Krack, or Key Reinstallation Attacks, emerged after experts from the Katholieke Universiteit (KU) Leuven, Belgium, announced they would be releasing their findings to the public.
They found cyber criminals within physical range of any WPA2 protected wireless router – which includes almost all home users – can spy on your every move online.
It could also provide them easy access to data from smart devices, including baby monitors and internet connected security cameras.
Apple said it was currently testing updates to iOS and MacOS which would be released in a few weeks time.
Microsoft said it had already fixed the problem for users on Windows 7,8 and 10, writes the Telegraph.
Google said it would release a fix on 6 November.
However, Android users could be waiting months before they are safe as manufacturers have to release their own updates.
The updates should limit the security risk but internet users have still been urged to patch their routers.
BT, Sky and Virgin have not issued guidance on how to update routers.
Details of the exploit were published to the researchers’ website shortly before this article was published.
Krack uses a flaw in the Wi-fi Protected Access II protocol (WPA2), developed 13 years ago, which renders it useless.
Depending on the network configuration, it is also possible hackers could inject and manipulate data.
Cyber criminals within physical range of any WPA2 protected wireless router can spy on our every move online. It could also provide them easy access to data from our smart devices, including baby monitors and internet connected security cameras (stock image)
For example, an attacker might be able to inject ransomware or other malware into websites.
In a written statement, the researchers said: ‘We discovered serious weaknesses in WPA2, a protocol that secures all modern protected WiFi networks.
‘An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks.
‘Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.
‘This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.’
Krack is believed to target a process called a handshake, an automated negotiation that happens between devices on a network.
Handshaking establishes rules for communication between a ‘foreign’ device and the router, whether that’s a printer, server or smartphone.
By agreeing to the rules established during the handshake, the foreign device is then able to establish a connection with the home network.
WPA2 uses a four-way handshake to establish a key for encrypting traffic, to protect it from prying eyes.
During the third stage, researchers discovered the key can be resent multiple times.
Key generation, while seemingly random, is actually governed by a mathematical formula.
Through this third stage, they are believed to have been able to crack the underlying formal used to generate keys through trial and error.
The full findings of the KU Leuven team will be presented on November 1 at the ACM Conference on Computer and Communications Security in Dallas.