Skip to main content
  1. Home
  2. Phones
  3. Computing
  4. Emerging Tech
  5. Mobile
  6. Web
  7. News

Hide your kids, hide your Wi-Fi! Vulnerability found in WPA2 encryption

Add as a preferred source on Google

Hackers can access all modern Wi-Fi networks through a crack in the wireless security protocol WPA2, according to new research published on Monday from the University of Leuven (KU Leuven) in Belgium.

The Wi-Fi hack — aptly named KRACK (Key Reinstallation AttaCK) — means the vast majority of devices and wireless internet traffic are potentially susceptible to malicious attacks and eavesdropping. If your device supports Wi-Fi, it is probably affected, warns Mathy Vanhoef, the KU Leuven security expert who discovered the weakness.

Recommended Videos

“Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” Vanhoef wrote in his report. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. In general, any data or information that the victim transmits can be decrypted. Additionally, depending on the device being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a website).”

No, Mom, this isn’t the end of the internet. But it does mean we’ll need to update our devices as soon as possible.

In the wake of the WPA2 #Wifi vulnerability announcement, we're taking a poll. How do you protect your wifi network? https://t.co/D8Mt2OEr2H

— Digital Trends (@DigitalTrends) October 16, 2017

Many websites today run an additional level of security beyond WPA2 (note the padlock icon next to our URL in your Web browser’s address bar) so personal info passed through these sites is private. Websites without that padlock should be seen as open to the public until KRACK is patched.

There’s also a level of physical security in that a would-be hacker has to be within proximity of the network. We’re not all suddenly exposed to the everyone internet.

According to the report, KRACK affects Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and other operating systems. Some have released patches to address the vulnerability.

Recognizing how widespread the vulnerability was, Vanhoef and his team informed the United States Computer Emergency Readiness Team (CERT) who notified all susceptible vendors on August 28, 2017.

“We’re aware of the issue, and we will be patching any affected devices in the coming weeks,” Google told The Guardian.

“We have released a security update to address this issue. Customers who apply the update, or have automatic updates enabled, will be protected,” Microsoft said.

Security standards have been hacked in the past but this time there’s no new, more secure, and widespread standard to fall back on. So don’t freak out, but be cautious — check for padlocks in your browser’s address bar, update your devices ASAP, and, for god’s sake, use a VPN.

Dyllan Furness
Former Contributor
Dyllan Furness is a freelance writer from Florida. He covers strange science and emerging tech for Digital Trends, focusing…
Your OnePlus phone is switching to ColorOS, whether you like it or not
OnePlus has confirmed that OxygenOS is being phased out, and eligible devices will get the option to update to ColorOS 17 once it becomes available.
Person holding OnePlus 15.

OnePlus has confirmed that OxygenOS, the Android skin that helped define the brand for more than a decade, is being retired in favor of ColorOS. The confirmation came buried in the community forum post announcing its exit from North America and Europe.

ColorOS replaces OxygenOS worldwide

Read more
Personal Intelligence in Search now connects to Google Calendar
Google Search AI can now read your Calendar and add events automatically
Google Calendar

Google is taking another step toward making Search feel less like a search engine and more like a personal assistant. The company has announced that AI Mode's Personal Intelligence can now connect directly to Google Calendar, allowing it not only to reference your schedule but also to create calendar events on your behalf.

Until now, Personal Intelligence mainly pulled information from apps like Gmail and Google Photos to provide more relevant responses. Calendar changes the equation because it becomes the first connected Google app that doesn't just provide context. It can actively act. The feature is rolling out now to users in the United States, with a wider international rollout planned later.

Read more
OnePlus’ North America and Europe chapter has officially come to an end
Existing owners will continue to receive software updates and warranty support, with the option to switch from OxygenOS to ColorOS down the line.
The rear of the OnePlus 15R, propped up on a wooden table.

After months of straight-up denying it, OnePlus just confirmed it’s tapping out of North America and Europe. In a community forum post, the company dressed up the news as a “proactive global strategy adjustment,” but for buyers in these markets, the outcome is straightforward. There will be one less brand to choose from the next time you go phone shopping.

Existing owners will get support, plus an optional software switch

Read more