The Singapore Computer Emergency Response Team (SingCERT), on Tuesday, issued a warning stating that millions of public, home, and office Wi-Fi network connections in Singapore are vulnerable to attack from hackers who are targeting valuable data. The warning was issued soon after researchers exposed multiple security flaws in the Wi-Fi networks in the country.
The research was conducted by the United States Homeland Security's cyber-emergency unit US-Cert. The US authority has issued a silent warning to vendors two months back before making it public so that they can rectify the loopholes in their system. Many vendors have issued patches and have rectified their systems, while a majority of devices still remain unpatched, thus making them the hottest targets for hackers.
SingCERT is the unit of Singapore's cybersecurity agency which is responsible for managing security threats and attacks in the country.
Who will get affected?
According to SingCERT, this flaw is expected to affect each and every device that uses Wi-Fi. To make things more clear, each and every Internet user in Singapore who connects via Wi-Fi will be at risk; no matter if they are using laptops, mobile phones, gaming consoles or smart home devices.
As per statistics, more than 11 million devices are using Wi-Fi in Singapore, and it includes routers, smartphones, computers and even surveillance cameras. The vulnerability in Wi-Fi is expected to negatively affect the data confidentiality of various home and office networks in Singapore.
"The attacker can exploit the vulnerabilities to monitor, inject and manipulate users' network traffic," SingCERT told the Straits Times.
Problems with WPA2
The research conducted by the US agency found critical vulnerabilities in WPA2, the most common authentication method in all nooks of the world. The WPA2 protocol is responsible for securing the Wi-Fi connection between a router and an Internet device.
"The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. To prevent the attack, users must update affected products as soon as security updates become available," wrote Mathy Vanhoef of Belgium University, who discovered the flaw in his research paper.
As of now, no incidents have been reported of these flaws being exploited. Security experts believe that a patched device is enough to protect the user even if the Wi-Fi network is not patched.
Vendors trying to fix the issue
On October, Microsoft released a software fix to bring about a solution to the Wi-Fi flaw. The latest beta versions of Apple's iOS, tvOS, watchOS and macOS also have the software fix for this problem. Other popular vendors like Google are working on a security fix, and they are expected to be out in the coming weeks.