Singaporeans should be on alert about the vulnerabilities of their Wi-Fi systems at homes and offices as they might get attacked by hackers targeting their valuable data. However, there is no need to panic as Singapore Computer Emergency Response Team (SingCERT) has issued an advisory giving several recommendations to enhance security of their Wi-Fi system including patching. Users are also encouraged to secure their Wi-Fi networks using a secondary encryption tool such as virtual private networks (VPNs), or consider a supplementary security protocol such as Transport Layer Security (TLS) and Secure Shell (SSH).
Through a press release, SingCERT pointed in its advisory that the Wi-Fi Protected Access 2 (WPA2) security protocol, which was developed by the Wi-Fi alliance to enhance the security of Wi-Fi networks, have multiple vulnerabilities. These vulnerabilities may affect the data confidentiality of users' Wi-Fi connectivity in their homes and offices.
Issuing the alert, SingCERT said, “The attacker can exploit the vulnerabilities to monitor, inject and/or manipulate users' network traffic.”
Giving the technical details about the modus operandi of the attacker, SingCERT said, “An unauthenticated attacker within Wi-Fi proximity of a targeted wireless Access Point (AP) and devices is able to spoof the network and force the victim to connect to it instead of the legitimate AP. This is done through a ‘Key Reinstallation Attacks’ (KRACK), which force a cryptographic nonce reuse by retransmitting the third message of the WPA's four-way handshake process to trick the victim to reinstall a known key to the attacker. This allows the attacker to intercept the traffic between the affected AP and Clients and decrypt Wi-Fi packets.”
To protect the Wi-Fi system, SingCERT has also given several recommendations. It said, “Microsoft has released a security update for supported versions of their products, and users are strongly advised to patch their systems. Users of other affected devices are advised to check with their respective vendors on the availability of the security patches and apply appropriate patches to resolve these vulnerabilities as soon as possible.”
To enhance security, users are advised to secure their Wi-Fi networks using a secondary encryption tool such as virtual private networks (VPNs), or consider a supplementary security protocol such as Transport Layer Security (TLS) and Secure Shell (SSH) to encrypt and protect data confidentiality when performing sensitive transactions.
Alternatively, they could use a wired LAN for Internet connection, SingCERT said.