KU Leuven: Researcher discovers various vulnerabilities in WiFi security
New research has revealed multiple weaknesses in the security of Wi-Fi connections. Attackers could take advantage of these weaknesses to gain access to sensitive information. It is expected that all devices with a Wi-Fi connection would be vulnerable. Computer scientist Mathy Vanhoef worked closely with the world’s largest IT companies to solve the problems in updates launched last night.
Vanhoef, who is affiliated with KU Leuven and New York University Abu Dhabi, found three vulnerabilities in the Wi-Fi security protocol. In addition, he found various programming errors in devices with a WiFi connection. For the study, he tested 75 devices, including smartphones, laptops and smart devices. All devices tested were found to be vulnerable to at least one of the identified weaknesses.
The weaknesses in the security of Wi-Fi connections are very difficult to exploit and may therefore have remained under the radar for a long time: Vanhoef found them in the current WPA3 protocol, but also in all previous security protocols, dating back to 1997. “The errors attackers intercept data that you enter online, ”explains Vanhoef. “They do this by making a copy of a secure website page on which you try to log in, for example. Instead of the data being encrypted, it ends up with the attacker. ”
The programming errors that Vanhoef found are particularly problematic with smart household appliances or computers that have not been updated for a long time, because these devices can be exploited relatively easily. “People with bad intentions can then take control of, for example, a smart lamp. If an old Windows PC is attacked, they can even see everything that is happening on that computer and save all the data you enter, ”says Vanhoef.