Millions warned over Wi-Fi hack that can leak data as FBI warns against using public networks

/in


EXPERTS have raised the alarm on a Wi-Fi hack known as ‘kr00k’ that can expose your search history.

It comes as the US’ Federal Bureau of Investigation (FBI) warns people against using public internet networks.

The snoop would have to be in radio range of the wireless devices, be it your iPhone or Windows PC, to exploit the security flaw

1

The snoop would have to be in radio range of the wireless devices, be it your iPhone or Windows PC, to exploit the security flawCredit: Reuters

Fraudsters tend to prey on the weaker security and bigger victim pool that comes with shared Wi-Fi.

“Preventing internet-enabled crimes and cyber intrusions requires each of us to be aware and on guard,” the FBI wrote in a recent announcement.

“Be careful when connecting to a public Wi-Fi network and do not conduct any sensitive transactions, including purchases, when on a public network.”

Experts Mathy Vanhoef, Domien Schepers and Aanjhan Ranganathan have described the kr00k hack as a Wi-Fi “design flaw” in a recent paper.

People are just realising there's a hidden Wi-Fi 'killer' affecting your internet
Wi-Fi users warned over hacking signs – check router for 'criminal' alerts

Information about a network’s management, control and data is documented in what’s known to experts as Wi-Fi frames.

These frames will be queued and buffered so that they’re sent to access points at appropriate times.

Access points are devices similar to the broadband router you have at home, but is designed for local wireless networks that are often found in train stations, airports, shopping centres and hotels.

However, hackers can intercept these frames when they are buffering, according to the three researchers.

This means they can get a text-based breakdown of their victims browser history on almost all devices.

Cyber criminals can evade the security blockades on Windows and Mac computers, as well as iPhone and Android devices.

“The unprotected nature of the power-save bit in a frame’s header, which our work reveals to be a fundamental design flaw, also allows an adversary to force queue frames intended for a specific client resulting in its disconnection and trivially executing a denial-of-service attack,” the researchers explained in their paper, which will be presented at the Usenix Security Symposium later this year.

The snoop would have to be in radio range of the wireless devices, be it your iPhone or Windows PC, to exploit the security flaw.

In some cases, hackers may also need to be…

Source…