Millions of private and public Wi-Fi networks in Singapore left their users vulnerable to attack.
A Group of researchers, the Singapore Computer Emergency Response Team (SingCERT) recently discovered several security wi-fi flaws in millions of public, home, and office networks. The research team has warned that these flaws could be exploited by hackers to gain access to data.
The vast scope of the flaws means that essentially every single user who connects to the internet using wi-fi via any device, such as laptops, tablets, smartphones, and even gaming consoles are at risk.
The SingCERT team recently issued an official warning which confirmed that the vulnerabilities have the potential to compromise the confidentiality of a user’s data. SingCERT is currently a division of the Cyber Security Agency.
According to SingCERT, the discovered flaws affect any wi-fi network worldwide that uses the Wi-Fi Protected Access (WPA) 2 protocol. Currently, this protocol is the most commonly used authentication and protection system for wi-fi networks.
SingCert explained the dangers by stating that an attacker can exploit these vulnerabilities by launching a man-in-the-middle attack on targeted devices. After the attack, malicious attackers will then be able to monitor, compromise, and manipulate a user’s network traffic.
Experts have confirmed that the vulnerabilities will give hackers access to home and office networks to gain easy access to sensitive and personal information. The stolen data can also enable them to perform other attacks.
According to Bill Taylor-Mountford from the security intelligence firm, LogRhythm, the nature of the vulnerabilities means that all data sent out by a device has the potential to be intercepted by malicious hackers. This could include login credentials, banking details and other sensitive information which can be decrypted by hackers. Hackers can also use the information to install malware or perform other nefarious activities.
Companies are less at risk than private users, due to most companies’ cybersecurity policies.
An ISC2 consultant, Anthony Lim, has confirmed that if businesses and companies have sufficient security measures in place, they have significantly less risk of becoming victims of data theft.
Lim added that private and home users carry the most risk as they generally have little to no internal security.
Despite the large scope of the attack, Lim stated that it is challenging to launch such an attack. The attack would require that hackers are in close proximity to the target wi-fi network. However, he pointed out that because of this, public wi-fi might have the most risk.
To address the vulnerabilities, companies such as Microsoft have already made patches available and urged users to download them. In addition, Google and Apple have announced that they will soon release patches. However, no router manufacturer has yet addressed the problem.
Telcos have encouraged their users to track updates from their device manufacturers and to download patches, if available.
According to a Starhub spokesperson, the company is currently collaborating with their partners to create efficient patches. They continued to recommend that customers implement patches and update their devices to the latest available software.
However, users whose devices still don’t have patches can use other measures to protect their networks and devices. Users have been recommended to only use wired broadband or mobile networks. In additions, users were urged to installing a VPN which would add encryption to their online activity.
Per our analysis, here is the list of best VPN providers overall and best VPN service for iOS (Iphone and iPad).
As for companies, Taylor-Mountford urged companies to review their cybersecurity policies and measures and urged them to use VPN or end-to-end data encryption software until patches are available.
Taylor-Mountford also expressed the importance of constantly monitoring a network in real-time in order to detect unusual activity or threats. He emphasized that this is the best practice for early detection and efficient responses to cyber attacks.