'Most or all' WiFi security broken, potentially allowing any device to be broken into, US government warns

The problem is in WPA 2, the security protocol that is almost certainly guarding your house right now

Andrew Griffin
Monday 16 October 2017 08:29 BST
Comments
Any device that connects to almost any WiFi network could be potentially compromised
Any device that connects to almost any WiFi network could be potentially compromised (ANDREAS SOLARO/AFP/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Almost every Wi-Fi network could have been compromised, according to the US government.

A problem with the WPA 2 standard – used in almost every home Wi-Fi network – means that potentially any network using it could be broken into, according to a new warning. Once that's happened, anything on the network is exposed, meaning that hackers could snoop on traffic that is being sent over them.

Researchers led by Mathy Vanhoef are due to reveal details of the exploit, known as KRACK, later today. But the US government has already revealed some details, in a warning that suggests the problem could be rife across the entire world.

The US Computer Emergency Readiness Team (US CERT) warned that anyone using the WPA 2 standard is probably compromised, since the issue is at the level of the protocol itself. "Note that as protocol-level issues, most or all correct implementations of the standard will be affected," it wrote in a warning.

"The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others," it also said.

Anyone who uses a router for their home network is probably relying on that standard, and any device you connect to it will be doing the sam. The name stands for Wi-Fi Protected Access, and as the name suggests it is the second implementation.

It's not clear how easy such an attack would be, or how it would be launched – though all of that will presumably be part of the larger reveal of the breach. It's also not clear whether it's actually being used yet in the wild, or whether and how existing networks will be able to updated to stay safe from it.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in