WPA2, the most common form of WiFi encryption security, was compromised this week by hacker Mathy Vanhoef. He discovered that it was possible to force WiFi-enabled devices to change their encryption key to one predetermined by the attacker, thus making all information sent and received between the wireless device and the WiFi access point visible. When the attack is combined with SSLStrip and Wireshark, an attacker could see all of the data transferred between smartphones and laptops and any WiFi network, including credit card and bank account info, and login usernames and passwords to any website. Since WPA2 is the current standard for all wireless devices, this discovery has huge implications. Thankfully, the hacker decided to release the information publicly so that developers and manufacturers can resolve it quickly, instead of selling it to malicious actors.
This attack can only be implemented from within WiFi range, so free public WiFi hotspots will be the obvious choice for hackers to try to steal information from.
It is very important that whatever WiFi-enabled devices you are using get updated immediately. Click here to view a list of hardware manufacturers’ instructions for updating your device’s firmware to patch the flaw. Fortunately, Microsoft has already released an update to fix Windows, but older Android devices and embedded Linux Internet of Things devices may be more vulnerable, as they may not be receiving updates.