Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

'Most or all' WiFi security broken, potentially allowing any device to be broken into, US government warns

The problem is in WPA 2, the security protocol that is almost certainly guarding your house right now

Andrew Griffin
Monday 16 October 2017 08:29 BST
Comments
Any device that connects to almost any WiFi network could be potentially compromised
Any device that connects to almost any WiFi network could be potentially compromised

Almost every Wi-Fi network could have been compromised, according to the US government.

A problem with the WPA 2 standard – used in almost every home Wi-Fi network – means that potentially any network using it could be broken into, according to a new warning. Once that's happened, anything on the network is exposed, meaning that hackers could snoop on traffic that is being sent over them.

Researchers led by Mathy Vanhoef are due to reveal details of the exploit, known as KRACK, later today. But the US government has already revealed some details, in a warning that suggests the problem could be rife across the entire world.

The US Computer Emergency Readiness Team (US CERT) warned that anyone using the WPA 2 standard is probably compromised, since the issue is at the level of the protocol itself. "Note that as protocol-level issues, most or all correct implementations of the standard will be affected," it wrote in a warning.

"The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others," it also said.

Anyone who uses a router for their home network is probably relying on that standard, and any device you connect to it will be doing the sam. The name stands for Wi-Fi Protected Access, and as the name suggests it is the second implementation.

It's not clear how easy such an attack would be, or how it would be launched – though all of that will presumably be part of the larger reveal of the breach. It's also not clear whether it's actually being used yet in the wild, or whether and how existing networks will be able to updated to stay safe from it.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in