CNET también está disponible en español.

Ir a español

Don't show this again

Security

Wi-Fi security flaw KRACK puts all wireless devices at risk

The weakness was found in the WPA2 security protocol used by almost every modern phone, computer and router.

My Point Of View

The bug already has its own nickname: KRACK

Bill Hinton#74239

You use Wi-Fi every day -- you may even be on it right this very moment -- and that means the device you're using is at serious risk of being hijacked.

Researchers have discovered a flaw in the security protocol that's a fixture in almost every modern Wi-Fi device, including computers, phones and routers, reported ZDNet on Monday.

A weakness in the WPA2 protocol, meant to protect both wireless networks and devices, was discovered by computer security academic Mathy Vanhoef, and is being nicknamed "KRACK," short for Key Reinstallation Attack.

The bug ultimately could allow hackers to eavesdrop on network traffic -- bad news for anyone sending sensitive or private information over a Wi-Fi connection. These days, that's pretty much all of us, although this could hit businesses using wireless point-of-sale machines particularly hard.

Now playing: Watch this: Wi-Fi has a big security flaw - and you need to act now
1:58

It's yet another weak spot in the wireless connections now woven into the fabric of daily life. Just last month, for instance, a security company flagged a flaw that could let malware hit more than 5 billion devices via their Bluetooth connections.

And it comes on top of a seemingly endless string of bad news in general about security vulnerabilities, whether still in a potential state or actually exploited by hackers. In May and June, ransomware attacks locked up computers around the world, demanding payment from people and companies in return for renewed access to vital information and systems. More recently came the hack at Equifax, which compromised the person details of 145 million Americans, and the latest shoe to drop in the matter of Yahoo's massive hack, which hit a breathtaking 3 billion accounts.

In the case of KRACK, hackers would have to be within physical range of a vulnerable device to take advantage of the flaw, but if they're in the right spot, they could use it to decrypt network traffic, hijack connections and inject content into the traffic stream.

To do so would involve effectively impersonating a user who had already been granted access to the network so as to exploit a weakness in the secure four-way handshake that acts as its gatekeeper.

"All Wi-Fi clients we tested were vulnerable" to an attack on that handshake, Vanhoef wrote.

For more on KRACK, what it means for businesses and what to do about it, head over to our sister site ZDNet.

Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility.

Logging Out: Welcome to the crossroads of online life and the afterlife.