CNET News Video
Wi-Fi has a big security flaw - and you need to act nowA weakness discovered in WPA2 encryption affects almost every Wi-Fi device. Unless the flaw is patched, hackers could potentially spy on everything you do online.
A major new security flaw has been discovered, and it affects practically everyone that uses WiFi. It' called KRACK, short for key reinstallation attack, and it's a way for hackers to spy on anything you do online. That includes seeing any passwords you type in or any conversations you're having or documents you're sending. A researcher from a Belgium University discovered the flaw, and published a paper on it. What makes it particularly nasty is that it's not tied to a certain machine. It has to do with a weakness and how WPA2 security was designed. That's the encryption method used by pretty much all WiFi networks. The researcher shared a video demonstrating the attack. If a hacker is near the WiFi access point. They can execute a script that tricks the system to bypass the security, then the hacker can see everything that is being sent and also infect the machine with malware. Here's where it gets worse, you're not even safe if you go to a website that's normally secure with https You see, this hack will disable that security so that little green lock icon is suddenly gone. Always pay attention to that icon. The demo shown was with Android, but it's also possible it could be done against a number of other systems including Apple and Microsoft. However, the researcher says it is easier to attack Android and Linux operating systems. So now that you know how bad it can be, here's the good news. This is fixable with patches, and the researchers warned companies of this flaw months ago before going public with the discovery. So Many vendors have been working on fixes. Google is expected to patch its products in the coming weeks. Now all the average person needs to worry about is making sure all laptops and smartphones are updated. Changing your password doesn't matter. This is about downloading software updates as soon as possible for any device that uses wi-fi. That includes a smart watch, a TV, maybe even your car. And if you have a device that is not patched, well you should be extra cautious. Any information sent over that device could be compromised. The Wi-fi Alliance says there's no evidence that this attack has been used maliciously, at least not yet. I'm Bridget Carey, and you can find more details and tips on the crack attack at cnet.com.