Wi-Fi security flaw KRACK puts all wireless devices at risk
The weakness was found in the WPA2 security protocol used by almost every modern phone, computer and router.
Katie Collins, Senior European Correspondent
The bug ultimately could allow hackers to eavesdrop on network traffic -- bad news for anyone sending sensitive or private information over a Wi-Fi connection. These days, that's pretty much all of us, although this could hit businesses using wireless point-of-sale machines particularly hard.
It's yet another weak spot in the wireless connections now woven into the fabric of daily life. Just last month, for instance, a security company flagged a flaw that could let malware hit more than 5 billion devices via their Bluetooth connections.
And it comes on top of a seemingly endless string of bad news in general about security vulnerabilities, whether still in a potential state or actually exploited by hackers. In May and June, ransomware attacks locked up computers around the world, demanding payment from people and companies in return for renewed access to vital information and systems. More recently came the hack at Equifax, which compromised the personal details of 145 million Americans, and the latest shoe to drop in the matter of Yahoo's massive hack, which hit a breathtaking 3 billion accounts.
In the case of KRACK, hackers would have to be within physical range of a vulnerable device to take advantage of the flaw, but if they're in the right spot, they could use it to decrypt network traffic, hijack connections and inject content into the traffic stream.
To do so would involve effectively impersonating a user who had already been granted access to the network so as to exploit a weakness in the secure four-way handshake that acts as its gatekeeper.
"All Wi-Fi clients we tested were vulnerable" to an attack on that handshake, Vanhoef wrote.
For more on KRACK, what it means for businesses and what to do about it, head over to our sister site ZDNet.