Wi-Fi Vulnerability Could Put Millions of Devices at Risk

But hackers must be close by

Newly discovered flaws in the Wi-Fi standard reportedly could let hackers steal information from devices.

Noted security expert Mathy Vanhoef wrote on his blog recently that programming mistakes in Wi-Fi could affect every Wi-Fi device. However, Vanhoef said that the risk of attacks using the flaws is low because a hacker would have to be nearby. 

Getty

"The biggest risk in practice is likely the ability to abuse the discovered flaws to attack devices in someone's home network," Vanhoef wrote. "For instance, many smart home and Internet-of-Things devices are rarely updated, and Wi-Fi security is the last line of defense that prevents someone from attacking these devices."

Vanhoef ran experiments and discovered that two out of four tested home routers were affected by the vulnerability, as well as several IoT devices and some smartphones.

Wi-Fi has generally been considered a secure standard. "The discovery of these vulnerabilities comes as a surprise because the security of Wi-Fi has, in fact, significantly improved over the past years," Vanhoef wrote.

But other attacks using Wi-Fi have come to light recently. Security researchers were able to hack a Tesla Model 3 car by using a drone flying overhead. The researchers demonstrated how the drone could launch an attack via Wi-Fi to hack a parked car and open its doors from a distance of up to roughly 300 feet. The researchers said the exploit worked against Tesla S, 3, X, and Y models.

"Many smart home and internet-of-things devices are rarely updated, and Wi-Fi security is the last line of defense that prevents someone from attacking these devices."

The researchers used the car’s Wi-Fi connection as a starting point, then inserted code via the Model 3's built-in web browser. 

"It would be possible for an attacker to unlock the doors and trunk, change seat positions, both steering and acceleration modes—in short, pretty much what a driver pressing various buttons on the console can do," the researchers wrote on their website.

Was this page helpful?