WiFi may hold unseen vulnerabilities for millions. Source: Shutterstock

WiFi may hold security vulnerabilities for millions of Singaporeans

MILLIONS of Internet users in Singapore are currently vulnerable to cyberattacks, as revealed in a recent alert issued by the Singapore Computer Emergency Response Team soon after the issue was officially announced by the United States Homeland Security’s cyber-emergency unit, US-Cert.

According to the Singaporean team, which is a dedicated unit of the city-state’s Cyber Security Agency, the recently announced security vulnerabilities are caused by a flaw in the WPA2 protocol, one of the Internet’s most common authentication methods. WPA2 is a pivotal aspect of WiFi systems, with the protocol being used to secure the wireless connection between a router and an Internet-capable device.

The recently discovered WPA2 flaw affects billions of Internet-capable devices worldwide. Thus, every device that utilizes WiFi in Singapore is affected by the WPA2 vulnerability, according to the SingCert alert.

Overall, roughly 11 million devices, from smartphones to laptop computers to CCTV cameras in Singapore are currently at risk. In a statement to The Straits Times, SingCert stated that the WPA2 vulnerability would enable hackers to monitor and possibly even manipulate the network traffic of Internet users.

“The attacker can exploit the vulnerabilities to monitor, inject and manipulate users’ network traffic,” SingCert stated, according to the Times.

The malware in WPA2 connections was first revealed by a US regulator. Source: Pixabay

Fortunately, addressing the WPA2 flaw is rather simple. The security flaw was first announced by US-Cert roughly two months ago, and since then, numerous vendors worldwide have issued official patches to address the vulnerability. The security patches have been quite effective, with no reports of a cyber attack related to a compromised device being reported to date.

So far, major manufacturers such as Apple have issued updates to address the WPA2 flaw, with the latest beta versions of iOS, macOS, and tvOS already including new patches that directly address the security issue. Microsoft has also rolled out a dedicated Windows 10 update that covers the WPA2 flaw.

Google and other vendors, however, are still in the process of releasing an official patch for the recently revealed vulnerability. Unfortunately, the Asian region, especially developing countries such as India and the Philippines, is heavily saturated with Google-powered devices. Thus, the fact that the search giant is yet to issue an official patch to fix the WPA2 vulnerability means that a significant number of devices in the region remain at risk.

With this in mind, it is pertinent for Internet users utilizing WiFi connections to ensure that all their bases are covered with regards to the security of their devices. Browsing only encrypted https pages, using a Virtual Private Network (VPN), Transport Layer Security (TLS), Secure Shell (SSH) and keeping software fully updated go a long way in preventing a possible cyber attack.

Everyday Internet users can take certain steps to ensure the vulnerabilities do not affect them. Source: Shutterstock

Online entrepreneurs are also advised to initiate an additional failsafe for their business. While keeping each device fully updated helps, utilizing security systems such as a Managed SOC could help ensure that all data pertinent to the enterprise remains secure.

Subscribing to trusted Anti-Malware software and services also add an extra layer of protection. Utilizing LAN connections for machines handling sensitive business-related information also curbs the WPA2 vulnerability, as noted by SingCert in its advisory.  

In a statement to The Straits Times, Jason Kong, co-founder of Singapore’s Toffs Technologies, called on Internet service providers (ISPs) in the city-state to set up dedicated help desks that would directly address the security needs of their subscribers.

“For peace of mind, users should also subscribe to virtual private network services, available online or from ISPs,” he said, according to a report from the Times.