KU Leuven: Researcher discovers various vulnerabilities in Wi-Fi security

New research has revealed multiple weaknesses in the security of Wi-Fi connections. Attackers could take advantage of these weaknesses to gain access to sensitive information. It is expected that all devices with a Wi-Fi connection would be vulnerable. Computer scientist Mathy Vanhoef worked closely with the world’s largest IT companies to solve the problems in updates launched last night.

Vanhoef, who is affiliated with KU Leuven and New York University Abu Dhabi, found three vulnerabilities in the Wi-Fi security protocol. In addition, he found various programming errors in devices with a Wi-Fi connection. For the study, he tested 75 devices, including smartphones, laptops and smart devices. All devices tested were found to be vulnerable to at least one of the identified weaknesses.

The weaknesses in the security of Wi-Fi connections are very difficult to exploit and may therefore have remained under the radar for a long time: Vanhoef found them in the current WPA3 protocol, but also in all previous security protocols, dating back to 1997. “The errors allow attackers to intercept data that you enter online,” explains Vanhoef. “They do this by making a copy of a secure website page on which you try to log in, for example. Instead of the data being encrypted, it ends up with the attacker.”

The programming errors that Vanhoef found are particularly problematic with smart household appliances or computers that have not been updated for a long time, because these devices can be exploited relatively easily. “People with bad intentions can then take control of, for example, a smart lamp. If an old Windows PC is attacked, they can even see everything that is happening on that computer and store all the data you enter,” says Vanhoef.

People should not immediately worry. “We cannot say whether these errors have already been exploited. The chance seems rather small, because they went unnoticed for so long.” In the past nine months, Vanhoef has also worked with many large IT companies, including Google and Microsoft, to repair the weaknesses. This was done through the Wi-Fi Alliance, an association of IT companies that jointly own and guard the Wi-Fi trademark. Yesterday evening they launched the necessary updates to fix the weaknesses.

“This discovery came as a surprise, as the security of Wi-Fi connections has just improved a lot in recent years.” This is partly due to Vanhoef himself: in 2017 he also discovered weaknesses in the WPA2 protocol. “IT companies need to be well aware that even well established technologies can have weaknesses. Wi-Fi devices can also be tested more extensively to avoid these kinds of problems in the future.”

Cyber hygiene
He also has some good advice for users. “It’s a cliché, but it’s really important to maintain good cyber hygiene. So make sure you install new updates on time and always check whether a website is secure when you enter sensitive information, such as account details. No data can be intercepted from websites that are fully secured. You can recognize these websites by the lock in front of the URL in your browser.”