Email this Article Email   

CHIPS Articles: Researchers find bug in Wi-Fi network encryption

Researchers find bug in Wi-Fi network encryption
By Phoebe Rouge, Technologist, Office of Technology Research and Investigation, FTC - October 23, 2017
If you have a smartphone, laptop, or IoT device connected to a Wi-Fi network, the information you send over that network could be at risk. Researchers recently found a bug that lets attackers break the encryption that protects most wireless networks — leaving data you send exposed.

The bad news is that this is not a problem with a specific device, or even manufacturer — it’s a problem with the WPA2 encryption standard nearly all Wi-Fi devices on the market today use to scramble communications, preventing eavesdropping and tampering. Basically, if you use a device to connect to a wireless network at home, work, or elsewhere, this bug means you cannot rely on that connection being secure.

The good news is that the bug can be fixed with a security update or patch. Device manufacturers and software companies are aware of the bug and updates for affected devices should be rolling out in the near future, if they haven’t already.

In the meantime, connections other than Wi-Fi (like your smartphone’s 4G/3G carrier connection, or a connection with an Ethernet cable) are not affected. So, consider using them instead of Wi-Fi until the updates are available.

Even so, this bug is a reminder that there’s no single solution to secure your data, and all of the other tips for protecting your sensitive information and security online are more important than ever, including:

  • Keep up with the latest updates for your software and devices, including updates for your smartphone, computer, and any IoT devices around your home.
  • Avoid sending sensitive information over public Wi-Fi, whether or not it’s encrypted.
  • When you do send sensitive information to a website, make sure the address starts with “HTTPS” — this will at least ensure the data you send to that one website is encrypted.
  • A VPN (Virtual Private Network) app or service can give you another layer of protection for your personal data. VPNs encrypt traffic between your computer and the internet — even on unsecured networks. You can get a personal VPN account from a VPN service provider. If you decide to use one, be aware some VPNs are more secure and easier to use than others, so shop around. Read reviews from several sources, including impartial experts.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics or file a complaint if you have been scammed consumer complaint online or by calling 1-877-FTC-HELP (382-4357).

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer