Another day, another way our personal data is being compromised. This time, the latest threat to your credit card numbers, social security information, and other personal data comes from a more-than-ubiquitous source: your Wi-Fi.
As Ars Technica and The Independent report, a computer security researcher has discovered a major issue with Wi-Fi that can be used to decrypt your data. The vulnerability is the result of weakness in the WPA2 protocol that secures modern Wi-Fi networks. Hackers can steal sensitive data that has been decrypted using a method called KRACK, or Key Reinstallation Attacks. While we can't know yet if hackers have actually taken advantage of the vulnerability, its existence puts every Wi-Fi-enabled device at risk.
“If your device supports Wi-Fi, it is most likely affected,” Mathy Vanhoef, the Belgium-based researcher who discovered the exploit, said. That means your phone, your computer, and even your Wi-Fi light bulbs. The hacker only needs to be within range of your Wi-Fi—not logged into your network—to take advantage of it and steal your data. However, Ars Technica reports that Android and Linux users are more vulnerable to severe attacks than Windows or iOS users.
What should I do to protect myself?
Unfortunately, changing your passwords won’t help this time around. All you can do is wait for security updates for your devices. In the meantime, treat every Wi-Fi connection like it’s the public network at Starbucks. As in, don’t go sharing all your personal data. You can make yourself safer by using a VPN. According to cybersecurity expert Robert Graham, these kind of attacks can’t defeat VPNs.
Most companies will no doubt be releasing security patches to fix this issue ASAP, so keep a look out for any available updates.
[h/t The Independent]