Wednesday, March 4, 2020

A Flaw in WiFi Chips Allows Hackers to Decrypt Data on the Fly

 


Here’s a new flaw that we might start to see more in the not too distant future...

News is out that there is a WiFi security flaw that can be exploited even if you have the devices affected updated to the latest patches (at least that’s what you think).  

How does this happen?  Glad you asked.  For most of us that are not incredibly tech hardware fluent, we work on keeping our devices up to date.  By that, let’s use your home WiFi connection as a demonstration...

You have a router in your home that connects to your highspeed data connection.  This means that you Internet connection enters your home, hits the WiFi router, and is then converted into a WiFi signal that all of your wireless devices see and access.  Basically your router, using a special chip,  coverts the data signal into a radio signal, and that radio signal is picked up by your wireless devices which then “re-convert” the wireless signal into data.  The basic principle is that the router converts the signal into a foreign language (wireless) which your device than reads and translates.  The key part of this is the “translation” which is done by a chip in the router and a chip in your phone or other device.

Now responsible users will routinely update the firmware in their router and also update the operating system in their phone.  That way when potential sources of compromise in the security are discovered they are patched by the manufacturer.

However, what if the translator is compromised?  Say you are in France and you employ a translator to help you with a banking transaction.  Both the customer (you) and the banker want impeccable security so you make sure you conduct your transactions in a private room at the bank where you cannot be overheard.  This works really well unless the person employed as the translator is working for a criminal.  If *that* happens, everything you say can be known by a malicious third party.

This is what has been discovered to be happening in some devices.  It seems your router and your phone can both be up to date with security, but the *chip* in one or both of those devices may be compromised.  Recently WiFi chips manufactured by Cypress Semiconductor and Broadcom have been discovered to be compromised.  The chips are in devices such as Kindles, Amazon Echos (that run Alexa), iPhones, iPads, Macs, Android phones & tablets, as well as routers manufactured by Asus and Huawei.  The number of devices that could potentially be affected could number in the billions.

There have been patches made available but not many people who are affected know to apply them.  Obviously the best practices indicate that you should check your devices.

No comments:

Post a Comment