The US Department of Homeland Security on Monday warned of cyber risks associated with a widely used system for securing WiFi communications after Belgian researchers discovered a flaw that could allow hackers to read information thought to be encrypted, or infect websites with malware.
The alert from the DHS Computer Emergency Response Team said the flaw could be used within range of WiFi using the WPA2 protocol to hijack private communications. It recommended installing vendor updates on affected products, such as routers provided by Cisco Systems Inc or Juniper Networks Inc.
Belgian Researchers Mathy Vanhoef and Frank Piessens of Belgian university KU Leuven disclosed the bug in WPA2, which secures modern Wi-Fi systems used by vendors for wireless communications between mobile phones, laptops and other connected devices with Internet-connected routers or hot spots.
“If your device supports WiFi, it is most likely affected,” they said on the www.krackattacks.com, website, which they set up to provide technical information about the flaw and methods hackers might use to attack vulnerable devices.
It was not immediately clear how difficult it would be for hackers to exploit the bug, or if the vulnerability has previously been used to launch any attacks.
The WiFi Alliance, an industry group that represents hundreds of WiFi technology companies, said the issue “could be resolved through a straightforward software update.”
The group said in a statement it had advised members to release patches quickly and recommended that consumers quickly install those security updates.
Source: News agencies