Various vulnerabilities in the security of Wi-Fi networks have been discovered in new study. Attackers might use these flaws to get access to sensitive information.
The vulnerabilities are believed to have impacted all Wi-Fi equipment. Mathy Vanhoef (Department of Computer Science) collaborated closely with the world’s largest IT businesses to resolve the concerns via previously announced upgrades.
Vanhoef discovered three flaws in the Wi-Fi security protocol while working at KU Leuven and New York University Abu Dhabi. He also discovered many programming flaws in Wi-Fi-connected gadgets.
He evaluated 75 gadgets for the research, including smartphones, computers, and smart devices. All of the devices that were put to the test were vulnerable to at least one of the vulnerabilities that were found.
The vulnerabilities discovered in Wi-Fi security protocols are difficult to attack, which may explain why they went unnoticed for so long: Vanhoef discovered them not just in the current WPA3 protocol, but also in all prior security protocols dating back to 1997.
“Attackers can intercept data you submit online because of the flaws,” Vanhoef explains. “They can do this, for example, by creating an unsafe replica of a protected website to which you try to log in. Instead of being encrypted, the data ends up in the hands of the attacker.”
Vanhoef discovered programming flaws in Wi-Fi devices, which are particularly troublesome for smart appliances and PCs that have not been updated in a long time because it is simpler to misuse them in these situations.
“In this manner, someone with nefarious intents might, for example, take control of a smart light bulb. “They can even observe everything you do on that computer and save all the data you enter if an outdated Windows PC is attacked,” Vanhoef explains.
Solutions to the flaws
There is no need to be concerned right now. “It’s hard to say whether these weaknesses have been exploited. Because they remained undiscovered for so long, it seems unlikely.” Vanhoef has spent the last nine months working closely with a number of big IT businesses, including Google and Microsoft, to address the flaws.
The Wi-Fi Alliance, a group of IT businesses that jointly own and control the Wi-Fi trademark, was responsible for this. They released the required patches to remedy the vulnerabilities yesterday.
“This discovery surprised me because Wi-Fi connection security has improved dramatically in recent years,” Vanhoef adds. This is partially due to Vanhoef’s own discovery of flaws in the WPA2 protocol in 2017.
“IT firms should be mindful that even well-established systems might have faults in their design. Wi-Fi equipment could also be thoroughly vetted in the future to avoid these issues.”
He also provides some useful tips for users. “It’s a cliche, but proper cyber hygiene is critical. Install new updates whenever possible, and always ensure that a website is safe before entering critical information such as account information.
Data from truly protected websites can never be intercepted. The padlock in front of the URL in your browser identifies such websites.”