US warns of security flaw against Wi-Fi connections
The US government’s computer security watchdog warned yesterday of a security flaw in Wi-Fi encryption protocol which can open the door to attacks to eavesdrop on or hijack devices using wireless networks.
The disclosure by the government’s Computer Emergency Response Team could potentially allow hackers to snoop on or take over millions of devices which use Wi-Fi.
The agency said the flaw was discovered by researchers at the Belgian university KU Leuven.
According to the news site Ars Technica, the discovery was a closely guarded secret for weeks to allow Wi-Fi systems to develop security patches.
Attackers can exploit the flaw in WPA2 — the name for the encryption protocol — “to read information that was previously assumed to be safely encrypted,” said a blog post by KU Leuven researchers.
“This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, e-mails, photos, and so on. The attack works against all modern protected Wi-Fi networks.
“Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
The flaw was dubbed KRACK for Key Reinstallation AttaCK because it lets attackers insert a new “key” on a Wi-Fi connection that keeps data private.
- About Us
- |
- Terms of Use
- |
- RSS
- |
- Privacy Policy
- |
- Contact Us
- |
- Shanghai Call Center: 962288
- |
- Tip-off hotline: 52920043
- 沪ICP证:沪ICP备05050403号-1
- |
- 互联网新闻信息服务许可证:31120180004
- |
- 网络视听许可证:0909346
- |
- 广播电视节目制作许可证:沪字第354号
- |
- 增值电信业务经营许可证:沪B2-20120012
Copyright © 1999- Shanghai Daily. All rights reserved.Preferably viewed with Internet Explorer 8 or newer browsers.