Just yesterday security vulnerabilities were discovered in WPA2 (Wi-Fi Protected Access II). WPA2 is used in many modern Wi-Fi networks, and eventually affects devices including Android, Linux, Apple, Windows, OpenBSD, among others. Discovered by Mathy Vanhoef, the vulnerability could allow people access to your Wi-Fi traffic. Apple has now stated that the WPA2 vulnerability has already been patched on its OS platforms.
According to imore, Apple has confirmed that the exploit has been patched in the latest beta versions of iOS, tvOS, watchOS, and macOS. These betas are currently available to developers and public, and will soon be rolled out to consumers globally. The patch will come with third beta of iOS 11.1, tvOS 11.1 beta, and third public beta of watchOS 4.1. After the stable versions are rolled out, it will essentially keep Apple devices safe when connected to a Wi-Fi router for internet connectivity.
Deeper dive to follow.
— Rene Ritchie (@reneritchie) October 16, 2017
The security vulnerability uses a key re-installation attack (KRACK) in WPA2 protocol. Using KRACK, attackers can hack into the Wi-Fi’s traffic allowing them to access sensitive information like credit and debit card details, usernames, passwords, and more. In essence, any kind of vulnerable information passed through is at risk of being exposed. RELATED: Wi-Fi Security broken; researchers say ‘if your device supports Wi-Fi, it is most likely affected’
Considering how WPA2 is used to encrypt Wi-Fi connections, this vulnerability could lead to potential risks of data leaking. In an interview with The Guardian, Vanhoef said, “If your device supports Wi-Fi, it is most likely affected,” Vanhoef writes. “In general, any data or information that the victim transmits can be decrypted … Additionally, depending on the device being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a website).”
Content sent to websites that aren’t secured can be exploited by this vulnerability. Even websites with HTTPS can be exploited. It is advised that users do not connect to public Wi-Fi networks. You can opt for ethernet connections, and user VPN for browsing. ALSO READ: iOS 11: Wi-Fi, Bluetooth toggles in Control Center don’t actually work