Major wifi concerns uncovered
UPDATE 30 Oct: Manufacturers are pushing out fixes for many devices now, so you should check on yours. Plus quite a few were prepared before this announcement and had already issued updates. Windows and iOS users are okay – others still need to check.
Worrying news has emerged today for anyone who uses WiFi – which is pretty much everyone!
Security researchers have found a serious vulnerability in the technology used to secure WiFi connections. It’s called WPA2 and is used basically everywhere.
This is news that’s only broken this morning and the IT sector is still digesting the implications and what the possible solutions will be. In fact, the two people who found the flaw in the system are only just, as we write, beginning to reveal the detail of their findings.
As with everything, there’s likely to be a fix, almost certainly via updates to WiFi-enabled devices, but that can only happen once everyone is happy that the fix is just that and not a rushed solution that might be useless – or could even potentially make things worse!
To be clear, when it comes that fix may or may not need to be applied to routers and other connectivity devices, but will certainly apply to any wi-fi connected devices you use, including laptops, tablets, phones, security cameras, TVs, speakers, gaming consoles, Internet of Things devices and anything else you can think of.
Be WiFi Wary for Now
What do we know so far and what can we do about it?
- If you use WiFi as your connection, assume your data can now be compromised by an attacker.
- If your data is highly sensitive, until we know more, the only way to be truly safe is to switch off WiFi.
- You are still safe if you use a hard-wired connection or mobile data, as the latter doesn’t rely on WPA2 (as long as you’re not connecting to the mobile via WiFi as a hotspot).
- The attack is not limited to grabbing your login credentials, it can intercept any other kind of traffic too.
- Even where websites you connect to use HTTPS (secure) connections, these can be bypassed too, so you should not assume they are safe.
- Keep an eye out for software and firmware updates to your WiFi connected devices to ensure you get any fixes for this problem as soon as they come out.
- An attacker would have to be on the same base station (i.e. router) as you to use this method of attack, they can’t get to you from just anywhere on the internet.
- Be circumspect about what data you access via networks that could be physically joined by an attacker (i.e. they could be nearby and on the same base station). You might want to avoid internet banking, sharing confidential data, etc. If in doubt, wait until you can connect an ethernet cable or use mobile data.
- Android devices are especially vulnerable, so take extra care with those.
- The method of breaking the WPA2 security has been named Krack Attacks by those who discovered it. You’re probably going to hear that name a lot in coming days.
This is a significant development for everyone. It’s probably one of the biggest IT scares for a long time because its effects could be so widespread.
However, you should keep a sense of perspective. When you’re at home your neighbour is unlikely to be trying this out on you (though be conscious of the computer-literate teenager who wants to test the theory…) and an attacker has to be on the same network. Out in public there is going to be more risk and you have to balance that with being able to keep operating. This will get fixed and you should be consciously looking for those fixes being released for all devices so that you can apply them straightaway.
When we know more about the effects and the likely solutions, we will of course update these pages.
In the meantime, clients who have concerns can raise a support ticket in the usual way.