If you use Wi-Fi to access the Internet with your phone, tablet or laptop, you need to be aware that your sensitive personal information could be targeted by hackers trying to take advantage of a recently reported Wi-Fi vulnerability.
But also know that so far there have been no major reports of this being a widespread problem and that device manufacturers are working to patch the issue and that you should plan to install those updates as soon as they are available.
News about the problem comes from researchers who found that the WPA2 standard for encrypting Wi-Fi network traffic is vulnerable to attack and that information such as your account numbers and passwords could be exposed by cyber crooks. In this situation, it’s not the data on your device that is at risk, it’s the information that you send from them.
This vulnerability – called KRACK, or Key Reinstallation Attack – can allow hackers to see what you are doing on your device. The weakness allows crooks with access to the same Wi-Fi signal you’re using to reset an encryption key, which then can turn your viewing to an unencrypted session that could expose sensitive information.
While the issue could potentially affect a large number of devices – computers, tablets, phones, routers, Internet of Things devices - experts have yet to see a massive exploitation by hackers and many device manufacturers have already started rolling out patches to fix the problem or are aware of the issue and are working on fixes.
Experts recommend that you be on the lookout for operating system or firmware updates for devices such as smartphones and routers and that you install the patches as soon as they become available to protect you and your information. You can use the Internet to search for updates and for directions on how to install them.
Until upgrades are made, some experts are recommending that rather than using public Wi-Fi for sensitive things you should instead use your smartphone’s mobile data option, or use your computer on a wired connection.
Companies such as Microsoft, Apple, Google, Cisco and others have said they’ve already released patches or are working on them, while others are still assessing the situation.