A new Wi-Fi bug has hit the internet. The bug allows someone to track any device connected to any wireless network.
Yes, that means any device – smartphone, tablet, or computer – could potentially be tracked using this exploit when you’re connected to any wireless network in the world.
The bug was first reported by security researcher Mathy Vanhoef, who demonstrated on YouTube how a hacker could intercept data transmitted from a wireless device – like an Android phone – by exploiting a flaw in the Wi-Fi authentication process.
In this video, it takes Vanhoef less than 4 minutes to complete the exploit:
Vanhoef calls the exploit the Key Reinstallation Attack, or KRACK. In a follow-up blog post, Vanhoef claims the exploit can be used to read data transmitted between a device and the wireless network it’s connected to – even if that network is password-protected and encrypted.
In response to the hack, Vanhoef launched a website called KRACKAttacks.com, where he details how the exploit works and how to protect yourself against attacks.
What Can Someone Track with this Exploit?
This exploit means an attacker could compromise your wireless privacy in less than 4 minutes. The technique, according to Vanhoef,
“…can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.”
Worse, the attack works on most networks:
“The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
It Can Affect All Devices
The exploit affects all Wi-Fi networks – including Wi-Fi networks created by modern, supposedly-highly-secure routers.
However, the exploit also affects all devices – although Android and Linux devices are the most susceptible to KRACK.
Vanhoef was the first to discover the attack method. It’s unclear if attacks like this have taken place in the wild. However, security researchers claim that it’s unlikely.
It’s also important to note that Vanhoef’s tutorial cannot be instantly replicated by any hacker. It requires an incredibly high skill set, and there’s no publicly available code to replicate the attack.
Google Will Take Weeks to Patch the Android Tracking Issue
The Verge is reporting that Google is aware of the issue, but will not patch the problem for several weeks. They plan to release a patch for Android phones “in coming weeks”, with a scheduled update for Pixel phones on November 6.
Meanwhile, Microsoft has already released patches for all supported Windows operating systems. Apple doesn’t appear concerned about the exploit, and has not yet announced whether or not they’ve developed a patch. However, it seems that the exploit doesn’t work against Windows or iOS devices.
Patches for Linux will be distributed soon.
How to Protect Yourself from the Wi-Fi Tracking Problem
As with any recently-discovered exploit, the best solution is to make sure all of your devices are updated.
Windows operating systems have already received the update, although Android devices won’t receive an update until November.
There’s no recorded incidents of this threat occurring in the wild. However, you may want to avoid public Wi-Fi networks for the next few weeks – especially since a tutorial for this SMS tracking/Wi-Fi tracking exploit is fully available on the internet.
How to Track Any Smartphone Without an Exploit
You don’t have to be an elite hacker to track a smartphone. You can track any smartphone in seconds with SpyStealth, the popular mobile tracking software. If you can download and install PC software, then connect your phone to your PC with a USB cable, then you can use SpyStealth to monitor any smartphone – iPhone or Android. Download it today!