A Huge Hole in Wi-Fi Security Leaves Just About Everyone at Risk

It’s no overstatement to say the crap could be about to hit the Wi-Fi fan.

A widespread, popular Wi-Fi security tool has a flaw that hackers could use to access sensitive information transmitted over the Internet, cybersecurity reseachers say.

The weakness, known as Krack, has serious implications for essentially all wireless devices that use a security protocol called WPA2 — which just happens to be the standard security option for most networks. Hackers could use this hole in the encryption system to steal information that travels between Internet routers and the wireless devices connected to them.

The researchers who revealed the breach say the damage is “just getting started,” as Krack could affect all aspects of the so-called Internet of Things.

The Internet of Things includes wearable watches and fitness trackers, Internet-connected vehicles, smart homes like Amazon Echo and Google Home, bluetooth trackers, and more. It exist in more devices than most people can imagine, and that means all these smart devices are vulnerable and potentially hackable.

“The problems with IOT security run both so broadly and so deep, and Krack exposes them so fully, that giving up altogether feels about right,” Wired writes. “That feeling that’s sinking in is hopelessness.”

Major wireless providers, like Apple and Windows, have quickly sent users updates that would repair these vulnerable “patches” — a full list of patched Wi-Fi providers can be found here. The update should plug the vulnerable WPA2 gap, so patched iOS and Android smartphones, tablets, and computers are likely safe.

However, this does not include other Internet-connected devices like garage-door openers and security cameras, Wired reports:

That’s because even under the best of circumstances, IoT devices rarely receive the necessary software updates to correct security issues. For a problem as complex as Krack, which impacts the industry at a protocol level and requires a coordinated effort to fix, in many cases your best bet is just to buy new equipment once patched options are on the market.

While Internet of Things hacks cannot be prevented for good, this “catastrophe” does raise concerns that more has to be done in the wake of the Krack attack than simply industry regulations and quick fixes.

In the meantime, it’s essential to know what steps those affected — which is pretty much everyone — can take to prevent becoming a victim of the latest cybersecurity breach. Because the Krack attack doesn’t need the Wi-Fi password to access the connection, changing that won’t do anything, software company Softonic says.

While installing updates will help, this doesn’t ensure all your wireless devices are protected. It’s possible to sidestep a wireless Internet connection entirely by using an Ethernet cable plugged directly into the router. Phones and tablets don’t connect to Ethernet cables, so the best bet may be to turn off Wi-Fi all together and stick with using cell data.

One way to ensure Internet traffic is protected is to use the HTTPS version of websites. In a URL, HTTPS — as opposed to the more traditional HTTP — means inputted information is encrypted and hackers cannot access it.