A serious Wi-Fi encryption bug has just been found on Monday, which can be easily used to eavesdrop on phones and computers, allowing hackers to read information thought to be encrypted, or infect websites with malware.
An alert from the US Department of Homeland Security Computer Emergency Response Team on Monday said the flaw could be used within the range of Wi-Fi using the WPA2 protocol to hijack private communications. It recommended installing vendor updates on affected products.
Belgian researchers Mathy Vanhoef and Frank Piessens of Belgian university KU Leuven disclosed the bug in WPA2, which secures modern Wi-Fi systems used by vendors for wireless communications between mobile phones, laptops and other connected devices with Internet-connected routers or hot spots.
“If your device supports Wi-Fi, it is most likely affected,” they said.
It was not immediately clear how difficult it would be for hackers to exploit the bug, or if the vulnerability has previously been used to launch any attacks. Besides, some researchers also pointed out that the threat may be limited by distance.
Finnish security firm F-Secure said experts have long been cautious about Wi-Fi’s ability to withstand security challenges of the 21st century. “But the worst part of it is that it’s an issue with Wi-Fi protocols, which means it affects practically every single person in the world that uses Wi-Fi networks.”
Microsoft said it had released a security update for Windows. Customers who applied the update, or had automatic updates enabled, would already be protected, it said in a statement.
CERT New Zealand and CERT India asked users to apply security updates. CERT NZ suggested using ethernet cables and to connect directly into the network, when possible.
"Given the complexity of updating smart devices such as mobile phones, CERT NZ also strongly recommends disabling Wi-Fi when it isn't required," it said in its advisory.
The Wi-Fi Alliance, an industry group that represents hundreds of Wi-Fi technology companies, said the issue “could be resolved through a straightforward software update”.
The group said in a statement it had advised members to release patches quickly and recommended that consumers quickly install those security updates.
So, if you receive a patch related to WiFi security, please DO NOT hesitate to install it IMMEDIATELY.