WiFi networks seen vulnerable to hacking due to WAP2 flaw

October 19, 2017 10:37
Some free WiFi available in cities don’t have any cryptographic measures, which make them particularly vulnerable to cyber-attack. Photo: AFS

WiFi Protected Access 2 (WAP2), the current industry standard that encrypts traffic on Wi-Fi networks, is vulnerable to hackers due to a flaw in the cryptographic protocols, according to new research from security expert Mathy Vanhoef of KU Leuven in Belgium.

Hackers can exploit the flaw to read and steal data even if the traffic is encrypted, the researcher warned.

In practice, that means hackers can steal your passwords, intercept your financial data, such as credit card information, as well as emails and photos and can even manipulate commands.

Users must update affected products to prevent any possible attack.

WPA2 started to replace WPA and WEP as the industry standard since 2005. It was believed to offer the safest cryptographic protocols, which are widely used in household wireless routers.

Almost all Wi-Fi enabled devices including smartphones, tablets, computers or even healthcare equipment or smart home appliances could be vulnerable to attack.

Among them, devices with Android, Linux, OpenBSD systems are seen more vulnerable than those with iOS, macOS or Windows systems. Hackers can steal confidential data, which may pose great threat for big corporations and government agencies.

An attacker needs to be physically near a particular Wi-Fi network to carry out the assaults. Some free WiFi available in cities don't have any cryptographic measures, which make them even more vulnerable.

Mobile phone users should be wary of information security when they handle sensitive information, according to Eric Fan, convener of information security at the Hong Kong Information Technology Federation.

The phone users should cut off WiFi connection and switch back to 3G or 4G. In addition, Fan noted that a website with Hyper Text Transfer Protocol Secure (HTTPS) or an app with Transport Layer Security (TLS) would be safer.

The WiFi Alliance said on Monday that it has yet to discover any large-scale attack exploiting this vulnerability. It's reported that Microsoft has already released programs to fix the problem, and that Apple and Google will release upgrade program as soon as possible.

This article appeared in the Hong Kong Economic Journal on Oct 18

Translation by Julie Zhu

[Chinese version 中文版]

– Contact us at [email protected]


Hong Kong Economic Journal