Vulnerabilities in security protocol for certain Wi-Fi networks may leave 41 percent of devices using Google’s Android operating system susceptible to cyber attacks, according to researchers at the Belgian University KU Leuven.
The relatively new exploit can allegedly empower hackers to survey Wi-Fi traffic between multiple devices and their internet access point, like wireless routers. Thus, attackers can read information once thought to be protected by encryption, without a password to the network.
“This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks,” reads a blog post from Mathy Vanhoef of KU Leuven (emphasis theirs). “Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
While the attack can affect any relatively recent Wi-Fi network, it is “exceptionally devastating against Linux and Android 6.0 or higher.” The would-be attacker, though, has to be within a particular range of the victim.
Ransomware is a type of infected software designed to take over a computer system and then block access for the authorized user. Nefarious hackers will often trick unsuspecting people into giving them their personal security credentials, and then encrypt highly valuable information once they gain access. Certain cyber criminals, for example, infiltrated a number of hospitals and other institutions across the globe earlier in the year, and locked the authorized users out until they paid a specific sum of money.
Ransomware cost businesses an estimated $1 billion in just a year. (RELATED: Study: Hackers Likely Made $25 Million Holding People’s Data Hostage In Last Two Years)
“Some versions of Android do make it possible for hackers to decrypt Wi-Fi messages; this is one of many vulnerabilities in operating systems that undermine Wi-Fi,” Richard Bennett, one of the original creators of the Wi-Fi system, told The Daily Caller News Foundation. “It has long been possible for people using Wi-Fi on public networks such as those in coffee shop to see each other’s messages.
Changing the password to a Wi-Fi network would not be the best way to help prevent this specific problem, according to Vanhoef. Instead, Vanhoef says updating the firmware to the router is the optimal way of ensuring that the exploit is no longer available to attackers.
“The only way to make public Wi-Fi secure is to use a VPN [virtual private network],” Bennett continued, “and anyone who routinely uses Wi-Fi in airports or other public spaces should have one.” (RELATED: ‘Tragedy Of Policy’: Snowden Lays Into Putin For Decision To Ban VPNs)
“We’re aware of the issue, and we will be patching any affected devices in the coming weeks,” a Google spokesman told TheDCNF in a statement.
Send tips to [email protected].
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact [email protected].