When you subscribe we will use the information you provide to send you these newsletters. Sometimes they’ll include recommendations for other related newsletters or services we offer. Our Privacy Notice explains more about how we use your data, and your rights. You can unsubscribe at any time.
When most people think of cyber attacks they assume their data is at risk from malware downloaded from the web or via fake email scams. However, it seems that the router tucked under your TV could give hackers a very easy way to monitor your online activity, steal very personal data or even bombard your PC with fake websites.
This new warning comes courtesy of Mathy Vanhoef, a Belgian security expert who has discovered some serious flaws in a number of popular routers.
The glitch, which has been named “FragAttacks” comes from a mixture of simple design errors within the router itself and mistakes with the software that powers them. Incredibly, some of these problems stem from when routers were first implemented back in 1997.
Vanhoef says that devices affected by the issue can be easily hacked as long as the cyber criminal is within radio range of a victim.
To give manufacturers time to fix the glitch, the problem was disclosed to the WiFi Alliance last year before being made public.
A number of high profile manufactures have already rushed to push out updates to patch the glitch.
Dominic Raab warns countries launching cyber attacks on UK
“The discovery of these vulnerabilities comes as a surprise, because the security of Wi-Fi has in fact significantly improved over the past years,” said Vanhoef.
Luckily, it doesn’t appear that hackers have yet been able to take advantage of this flaw but it’s vital that you keep your router’s software fully updated to protect your digital life from attacks.
Many firm’s including Netgear, Intel, Lenovo and Samsung have released updates and advice for customers.
In a post on its site, Netgear said, “it is aware of a set of industry-wide WiFi protocol security vulnerabilities known as Fragment and Forge. If exploited, these vulnerabilities can be used to withdraw data without your knowledge and can lead to other exploits.”
And speaking about its update, Eero’s Co-founder & CEO Nick Weaver, said: “We proactively released an eero OS patch to protect all eero customers from these issues, and we have no evidence that this issue has been exploited on eero devices.
“We appreciate all the work of independent researchers who helped bring this issue to the industry’s attention.”
Vanhoef says that if updates for your device are not yet available, you can mitigate some attacks (but not all) by assuring that websites use HTTPS and by assuring that your devices received all other available updates.
Source: Read Full Article