Wi-fi security flaws expose millions here to cyber attacks

SINGAPORE -- Millions of public, home and office wi-fi networks in Singapore are vulnerable to attacks by hackers targeting valuable data, after multiple security flaws were exposed by researchers, the Singapore Computer Emergency Response Team (SingCERT) warned on Tuesday (Oct 17).

This means almost everyone who connects to the Internet via any device with wi-fi connectivity, such as laptops, mobile phones or even gaming consoles and smart home devices, is at risk.

SingCERT, which is under the Cyber Security Agency, issued an alert saying: “These vulnerabilities may affect the data confidentiality of users’ Wi-Fi connectivity in homes and offices.”

The flaws affect wi-fi networks worldwide that use the Wi-fi Protected Access (WPA) 2 protocol, the most common authentication and protection solution for wi-fi networks currently. It may also affect devices on the WPA standard, said SingCERT.

“After a successful man-in-the-middle attack conducted on the affected devices, the attacker can exploit the vulnerabilities to monitor, inject and/or manipulate users’ network traffic,” said SingCERT.

Experts say this potentially means hackers could attack home and office networks to try to access valuable data, or launch other kinds of mischievous attacks.

Mr Bill Taylor-Mountford of security intelligence firm LogRhythm, said: “This means that any data being sent out, including sensitive information such as login credentials or personally identifiable information, can be decrypted by the attacker. The attacker may also use the same exploit to divert users to malicious sites or install malware.”

Companies might be less at risk if they have sufficient security measures in place.

Mr Anthony Lim, a consultant at ISC2, a global cybersecurity professional certification body, said: “If the company networks are properly managed, and have user privileges and access controls, and other security layers, then they are less at risk.”

He added: “Home owners are more at risk because they have less internal security, and these hackers could attack not just their personal computers, but also smart home devices.”

But all is not lost.

Mr Lim pointed out that in practice, it would be more challenging to launch such an attack as hackers would need to be within proximity of the wi-fi networks in order to do so. But this potentially makes public wi-fi networks a problem, said experts.

Device manufacturers such as Microsoft are already starting to roll out patches, which consumers are advised to download. Google and Apple have said they will be releasing one soon, while there is no fix yet from the router manufacturers.

Telcos here are encouraging their customers to track updates from their device manufacturers and diligently apply patches.

“We are working with our device partners to better understand when patches will be made available, and we strongly encourage our customers to ensure that their wireless devices are running on the latest software,” said a Starhub spokesman.

Users who do not yet have access to patches can take steps to avoid being compromised, by connecting to wired broadband or mobile networks only, said industry experts. They can also secure their networks by using a secondary encryption solution such as a Virtual Private Network (VPN).

Mr Taylor-Mountford advised companies to ensure their networks are secured by additional layers of network security, such as VPN or end-to-end data encryption software, while waiting for patches.

“More essential, however, is ensuring that the network is monitored in real-time to detect any unusual behaviour or threats. This gives us more time to react and respond to cyber attacks, which are often first observed within the network itself."