17 Oct 2017

Krack attack: NZ wi-fi users warned

3:54 pm on 17 October 2017

Internet NZ says New Zealanders should avoid using Wi-Fi following a global software hack.

Hacker, cyber attack, (File photo)

Photo: 123RF

Weaknesses have been discovered by Belgian researchers that allow attackers to read data that passes between a device and the Wi-Fi router.

Government cyber security agency CERT NZ said in some cases, attackers could alter traffic to change what was displayed to the user.

The attacks, also known as KRACK, also gives attackers the ability to inject viruses or ransomware into websites.

This affects almost all devices including computers, mobile phones, routers and smart TV.

However, the hacker would need to be within Wi-Fi range.

Find out what you need to know

"If your device supports Wi-Fi, it is most likely affected," researchers Mathy Vanhoef and Frank Piessens said on the krackattacks.com website, which they set up to provide technical information about the flaw and methods hackers might use to attack vulnerable devices.

CERT NZ said the best way for people to prevent an attack was to make sure devices were up-to-date, though not all software providers had a fix for the vulnerability yet.

"If you turn on automatic updates, you'll get the update as soon as it's available," the agency said.

Where possible, plugging devices into a network, rather than using Wi-Fi, would provide protection from wireless attacks.

InternetNZ deputy chief executive Andrew Cushen said that could include plugging a cable into a home modem or using the data on a mobile device.

"The best thing that we can all be doing over the next wee while is, first of all, not using Wi-Fi, unfortunately."

Microsoft's recent security update resolves the issue, except for Vista and XP, he said.

Mr Cushen said if customers had any doubt they should contact their internet provider or their product manufacturer.

Spark says it's not vulnerable

Communications company Spark said its home broadband modems were not vulnerable to the threat.

In a statement, Spark said that it was because the Krack vulnerability only applied to private Wi-Fi networks that involved multiple access points (modems) as well as a WiFi protocol that enables end users' devices to seamlessly switch from one access point to another.

It was not aware of any of its customers having been compromised.

And it said it was talking to device manufacturers to find out when patches fixes would be available and encouraged customers to enable automatic upgrades on their devices.

Vodafone not aware any customers affected

In a statement, Vodafone said it was aware of the potential security threat and was working with manufacturers to update its devices to protect against vulnerability.

"Vodafone NZ was not aware of any customers being directly affected by the threat, but urges people to keep their devices and security software updated."

Get the RNZ app

for ad-free news and current affairs