Krack wifi flaw: Google and Apple promise security update
Apple and Google have promised software updates to patch a critical flaw in Wi-Fi technology that would allow hackers to steal credit card numbers, passwords and private messages from internet users, while Microsoft says it has already issued an update.
The "Krack" vulnerability that emerged on Monday affects potentially every Wi-Fi network in the world and is seen as one of the biggest security scares in years. It sparked a rush of updates from technology companies on Monday, although many had known about it for weeks.
Apple said it had developed updates to iOS and MacOS that were in testing and would be released within weeks. Microsoft said an automatic security update issued last week had fixed the problem for Windows 7, 8 and 10 users.
Google, which develops the Android software that runs on the majority of smartphones, said it would release a patch on November 6. However, since Android manufacturers have to release their own security updates, it may be months until some phones are safe, and others may never be secured.
The Krack vulnerability, uncovered by a Belgian researcher on Monday, exploits a flaw in the way data is secured as it travels over the air between a device like a PC or smartphone and a Wi-Fi router. It forcibly installs a new "key" into the encryption protocol, meaning a hacker within range of the network could decipher information such as passwords and credit card numbers as it travels.
MathyMathy Vanhoef, the researcher who discovered the vulnerability, warned that it "works against all modern protected Wi-Fi networks".
The software updates should go some way to limiting the security scare, although internet users have also been urged to patch their routers.
A handful of router manufacturers have issued fixes or promised them, although BT, Sky and Virgin have not yet issued any guidance to customers about how to they need to update routers supplied by the companies.
A BT spokesman said: "We’re aware of the issue and we’ll be working with industry to update software as appropriate."
Virgin Media said: "Our security teams are always alert to any potential issues for our customers." Sky said: "We take the security of our customers extremely seriously and, along with the rest of the industry, are looking into this matter as a priority."
However, the following are things to do in order to avoid krack attack:
First things first: make sure you have a password on your Wi-Fi network. If you don't, you're at risk of all kinds of attacks.
If possible, try not to connect to unsecured Wi-Fi networks - these are often seen in hotels, coffee shops and other public spaces. You can tell if a network is secure by a little padlock next to it when you're selecting the network.
TheThe Krack attack affects secure networks, relying on a flaw in the "handshake" between device and router to insert a new "key" that can decrypt communications, potentially stealing passwords and credit card data
Most banking and online shopping websites use https, an encryption technique that protects you from this flaw. You can check by the little padlock in the top left of the screen by the address bar
The best thing you can do is update your router and devices like smartphones and PCs. Check who makes your router and try their website to find out how to patch it. Updates may not yet be available. Microsoft, Google and Apple have issued or plan to issue updates.
Security experts say that in the meantime, if you're really concerned you should use a "virtual private network" (VPN) such as NordVPN or TunnelBear.
Thank you
The "Krack" vulnerability that emerged on Monday affects potentially every Wi-Fi network in the world and is seen as one of the biggest security scares in years. It sparked a rush of updates from technology companies on Monday, although many had known about it for weeks.
Apple said it had developed updates to iOS and MacOS that were in testing and would be released within weeks. Microsoft said an automatic security update issued last week had fixed the problem for Windows 7, 8 and 10 users.
Google, which develops the Android software that runs on the majority of smartphones, said it would release a patch on November 6. However, since Android manufacturers have to release their own security updates, it may be months until some phones are safe, and others may never be secured.
The Krack vulnerability, uncovered by a Belgian researcher on Monday, exploits a flaw in the way data is secured as it travels over the air between a device like a PC or smartphone and a Wi-Fi router. It forcibly installs a new "key" into the encryption protocol, meaning a hacker within range of the network could decipher information such as passwords and credit card numbers as it travels.
MathyMathy Vanhoef, the researcher who discovered the vulnerability, warned that it "works against all modern protected Wi-Fi networks".
The software updates should go some way to limiting the security scare, although internet users have also been urged to patch their routers.
A handful of router manufacturers have issued fixes or promised them, although BT, Sky and Virgin have not yet issued any guidance to customers about how to they need to update routers supplied by the companies.
A BT spokesman said: "We’re aware of the issue and we’ll be working with industry to update software as appropriate."
Virgin Media said: "Our security teams are always alert to any potential issues for our customers." Sky said: "We take the security of our customers extremely seriously and, along with the rest of the industry, are looking into this matter as a priority."
However, the following are things to do in order to avoid krack attack:
First things first: make sure you have a password on your Wi-Fi network. If you don't, you're at risk of all kinds of attacks.
If possible, try not to connect to unsecured Wi-Fi networks - these are often seen in hotels, coffee shops and other public spaces. You can tell if a network is secure by a little padlock next to it when you're selecting the network.
TheThe Krack attack affects secure networks, relying on a flaw in the "handshake" between device and router to insert a new "key" that can decrypt communications, potentially stealing passwords and credit card data
Most banking and online shopping websites use https, an encryption technique that protects you from this flaw. You can check by the little padlock in the top left of the screen by the address bar
The best thing you can do is update your router and devices like smartphones and PCs. Check who makes your router and try their website to find out how to patch it. Updates may not yet be available. Microsoft, Google and Apple have issued or plan to issue updates.
Security experts say that in the meantime, if you're really concerned you should use a "virtual private network" (VPN) such as NordVPN or TunnelBear.
Thank you
Comments
Post a Comment