Wi-Fi vulnerability could allow attackers to steal your data on unencrypted sites

Computer scientists at the University of California, Riverside, have discovered a security flaw that affects all Wi-Fi routers. Hackers could exploit the weakness in the Transmission Control Protocol (TCP) and perform a web cache poisoning attack to steal passwords, login information, and other private data. Unfortunately, a fix isn’t possible, as the vulnerability stems from a 20-year-old design based on TCP and Wi-Fi. To prevent hackers from using the exploit, researchers recommend that manufacturers build routers that operate on different frequencies for transmitting and receiving data.

Fortunately, this attack technique won’t work with encrypted sites that use HTTPS and HSTS. Users on Ethernet connections are similarly not affected. Given that the attack won’t work on encrypted sites, most users who browse the internet on a modern browser shouldn’t be affected. Many browsers, including Google’s Chrome, already warn users if they visit an unencrypted site.
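Because the article names HTTPS with HSTS as the case where the attack fails, a site owner can audit whether their responses actually enforce it. The following is an added example, not code from the article or the researchers: it parses the `Strict-Transport-Security` header as RFC 6797 describes and classifies a response. The sample responses are constructed, and the one-year threshold and the category names are assumptions of this example.

```python
import re
from typing import Optional

MIN_MAX_AGE = 31536000  # one year in seconds; assumed audit threshold, not from the article

def parse_hsts(value: str) -> Optional[dict]:
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns None when the header is malformed and a browser would ignore it."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if not name:
            continue  # empty directives (a stray ';') are permitted
        if name in directives:
            return None  # each directive may appear only once
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form, e.g. max-age="600"
        directives[name] = arg
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None  # max-age is required and must be a non-negative integer
    return {"max_age": int(directives["max-age"]),
            "include_subdomains": "includesubdomains" in directives}

def assess(scheme: str, headers: dict) -> str:
    """Classify one response by how well it keeps page loads off cleartext HTTP."""
    if scheme != "https":
        return "exposed"  # cleartext load; an HSTS header sent over HTTP is ignored
    raw = next((v for k, v in headers.items()
                if k.lower() == "strict-transport-security"), None)
    policy = parse_hsts(raw) if raw is not None else None
    if policy is None or policy["max_age"] == 0:
        return "https-no-hsts"  # max-age=0 tells the browser to forget the policy
    if policy["max_age"] < MIN_MAX_AGE:
        return "hsts-short"  # policy expires quickly, after which http:// works again
    return "hsts-ok"

# Constructed sample responses: (scheme the page was served over, response headers)
SAMPLES = [
    ("http", {"Strict-Transport-Security": "max-age=31536000"}),
    ("https", {"Content-Type": "text/html"}),
    ("https", {"strict-transport-security": "max-age=0"}),
    ("https", {"Strict-Transport-Security": "max-age=300; includeSubDomains"}),
    ("https", {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"}),
    ("https", {"Strict-Transport-Security": "max-age=600; max-age=31536000"}),
]

def audit(samples):
    return [assess(scheme, headers) for scheme, headers in samples]

if __name__ == "__main__":
    print(audit(SAMPLES))
```
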

TCP works by breaking down data into manageable chunks, called packets, for computers to communicate. The data packets begin with a random first number, but the subsequent numbers in the sequence will predictably increase, and hackers can guess the next number to intercept communication between the sending and receiving computers. Given that there are approximately 4 billion sequence numbers, it is difficult for hackers to make a correct guess.

“But if the attacker can figure out which number triggers a response from the recipient, they can figure out the rough range of the correct number and send a malicious payload pretending that it comes from the original sender,” the researchers wrote in a blog post detailing the attack. “When your computer reassembles the packets, you’ll see whatever the attacker wants.”

When the victim visits a website that’s controlled by the hacker, who can be connected remotely using a different Wi-Fi network, the site will run JavaScript that creates a TCP connection to a banking website. The exploit will work if the victim stays on the site for as little as 1 minute. Hackers can display pirated movies, for example, in an attempt to lure the victim to stay on the site for longer. While the victim is on the site, the hacker can guess the sequence number for the banking packet and inject a malicious copy of the bank webpage into the victim’s cache to steal passwords and login information.

This web cache poisoning tactic ensures that the victim will always see the malicious site whenever they try to visit the banking website in the future, and the malicious copy of the site can sit in the browser cache for decades or until the victim clears the cache.
