NEW YORK (CBSNewYork) — Researchers in Belgium uncovered a flaw in Wi-Fi security that makes every device you use on Wi-Fi vulnerable to cyber attacks.
It could be the mother of all security breaches.
Think about where and when you use Wi-Fi.
“I use Wi-Fi for everything – iPad, iPhone, at home, my computer,” one person told CBS2’s Carolyn Gusoff.
“My cell phone, my tablet, and my laptop,” another added.
Now, think about your devices on Wi-Fi as an open book. That’s what a Belgian researcher warned could happen after he uncovered a weakness in WPA2 — the security that protects all Wi-Fi networks.
“The attacker is now able to access the email address and password of the victim,” cyber security expert and software patent holder Anthony Roman said.
The flaws are called KRACKs Key Re-installation Attacks.
Roman said it’s like a burglar being able to make a duplicate key to your house.
“Consider everything you have to be public right now. Any communication you have, all of your banking communications, your private communication, your credit card information, everything is vulnerable,” he said.
Passwords, emails, photos, even your car and home security cameras could be accessed.
“I-message is also Wi-Fi so someone can even potentially hack your messages,” he explained.
Android users are at even greater risk.
“It’s not just phone, it’s your home business,” Roman said.
The first step is updating your devices. A Microsoft patch is already available. Apple and Google are scrambling to roll out a fix within weeks.
“You have to be very very careful what you are transmitting, adding virtual private network software would be very helpful, but basically the analogy I would use; it’s sandbags versus a flood,” he said.
Use an ethernet cable instead of Wi-Fi when transmitting sensitive information, or take your smartphone off WiFi and use data.
On the bright side, hackers would have to be in close physical proximity to the device in order to KRACK your WiFi security. So there will be no threat from overseas, but it could extend several hundred feet.
Hackers could someday target other Wi-Fi vulnerabilities. The researcher behind KRACKs hints they’re just getting started.
It’s also advisable to only use HTTPS encrypted websites until your are able to install a security update to your devices.