With so many consumers relying on mobile devices these days, it is no surprise criminals continue to look for new ways to take advantage. A new exploit recently uncovered by researchers shows how assailants can read WiFi-based traffic between devices. Around 41% of all current Android devices are susceptible to such an exploit. This issue goes well beyond mobile devices, although Linux-based devices are most prone to attack.
Major WiFi Exploit Causes Big Concerns
Wireless internet has slowly but surely become the preferred method of accessing information on any type of device. Especially when it comes to smartphones and tablets, WiFi usage is a pretty high priority. Mobile data plans are still pretty expensive in most parts of the world, unfortunately. However, most people are slowly coming to realize that WiFi connections are not necessarily the safest way to go about things. There is good reason for such wariness, especially when taking this newly-discovered exploit into account.
More specifically, this WiFi attack works against all modern networks, regardless of the encryption methods being used. It is a weakness within the WiFi standard itself which makes it so worrisome right now. This is not something that can be solved overnight, though, as it will require a major overhaul on the technical side of things. So far, the exploit has been tested successfully against Windows, macOS, iOS, Android, and Linux devices, although the latter group seems to be the most vulnerable.
According to the researchers, around 41% of all Linux-based devices are susceptible to the new exploit. This is not good news for Android phone users either, considering that Android is based on Linux itself. When an assailant successfully intercepts internet traffic, it is impossible to tell what kind of damage they will do. Stealing account passwords is one of the biggest concerns, of course, but the consequences can be far more severe. The exploit could also be used for phishing and man-in-the-middle attacks, among other things.
Thankfully, it is not all that easy to exploit the WiFi standard in this manner. Assailants need to be in close proximity to the device they are looking to spy on. Installing malicious WiFi hotspots would make this process significantly easier, though, which highlights the dangers of connecting to free WiFi networks in public places. Researchers successfully sniffed credit card data, chat messages, photos, emails, and chat logs through this exploit. It is evident this problem is not something to ignore by any means, although it remains to be seen how many people will suffer from this issue in the long run.
On the Android side of things, any device running version 6.0 or above is heavily susceptible to this type of attack. It appears the operating system has a built-in vulnerability, which makes the interception of internet traffic a cakewalk. Moreover, an assailant can easily manipulate web traffic for such a device, which can have all kinds of annoying and potentially devastating consequences. So far, there is no official fix for this bug, despite various patches having been released to address attack vectors.
Rest assured there will be a lot of security patches forthcoming for all major operating systems in the coming weeks and months. Protecting users against this WiFi attack should be the number one priority right now, although completely solving this issue will not happen anytime soon. Changing one’s WiFi password will not mitigate this attack vector by any means, but updating routers’ firmware can certainly be beneficial.