Gadgetory

hey guys this is Austin Wi-Fi is basically everywhere and odds are you're using one of these devices over Wi-Fi pretty much every day however it just got a lot less secure two Belgian researchers were able to find a flaw and the WPA to Wi-Fi protocol all this nerd talk aside means is that a secured network is no longer as secure as you think so to take a closer look at this we have our resident hacking expert West and you've actually spent a couple days trying to figure out exactly how all of this stuff works so there are two types of Wi-Fi secure it and open they've probably connect it to an open network it's something like a coffee shop or an airport well it's great to have free Wi-Fi the downside of being open is that it really is truly open nearly anything you do on an open Wi-Fi network can be spied on by other people so the idea here is that if I decide to jump on Wi-Fi you can intercept that and see what I'm doing yeah my laptop is essentially now sitting in between your phone and whatever whatever websites you're trying to access a so if I say go to Google comrade now as you load up so I am on the Google homepage no problem but on your end and what you can actually see here is that is showing me that you are going to a Google service it's not going to work for every website this is something this is an attack that has been known about for a while and is pretty competitive in most websites a lot of people have the security features built in to combat this what I'm seeing now after I started kind of diving into is there are actually some pretty major websites that are not fully protected yet so for my name this looks totally normal I see HTTPS it's secure and generally speaking if you do see HTTPS with a little green lock on your browser you are secure because even this will get between me and my Wi-Fi it won't get between me and the encryption and the Wi-Fi you can't crack that step just yet exactly what this is trying to do is it is trying to target that HTTPS but most big websites at this point have the technology in place to basically tell my laptop to get out of here so give me a website let's try it let's go to spirit comm okay it's loading it looks fine on my end I see it's not HTTPS but I mean it looks like a lot of standard generic web sites and that's that's kind of creepy okay and looking in right there I can see though it's like instant and what's creepy as it actually parses the data to so I can see the type was a check-in I see the last name and the record locator yeah that is really scary but to be fair that's going on open Wi-Fi however if you're at home yeah well if you're at home let's say that you're checking something personal like like if you wanted to check banking information sure though I know some people are fan of Amex so go to American Express is a website Oh interesting so now I see www M Erica Express which is another tactic that this kind of attack use yeah I can't just strip it off it'll try and do other little tricks to essentially allow you through so at this point if you see something like this bail like this is not right like yeah it's one thing to not see HTTPS and you should really look for that anytime you're logging into anything sensitive if you see a bunch of extra double use that should be a big red so I know that something's up so yeah go ahead and press the login button that has a little luck next to it looks such a bad idea and yeah go ahead and check your account feel free to easier your correct credentials I could do that at all all right logging in and boom I can see that your user ID is test and password is wes is hacking right there seconds so you're basically able to capture all that now that's not a real account as you guys might be able to imagine so just bounce me out but normally speaking if that was my actual account I would been logged right in checking all my credit card information the whole deal yeah you would have no idea and I would not only have the information but I would have it laid out for me in color-coded fashion so the concerning part about all this is the people that have actually discovered the wpa2 craft they have said that at a security conference that's coming up they're going to release the code it's gonna be in the wild it's gonna be in the wild so they've essentially put a shot clock on every company to say hey if your device supports Wi-Fi which is everything a couple devices you you have to update soon otherwise it's okay until things get patched everywhere you really should treat all Wi-Fi as if it's an open and unsecured Network now there are ways around this for example if you're plugged in via ethernet then you're going to be able to avoid all of this however something you should always be doing regardless of how you connect to the internet is looking out for that HTTPS in your browser bar that means that whatever you're sending whether it's bank information login info credit cards whatever it's going to secure at least way more secure than otherwise my VPN is also a good idea so it's not perfect your computer can send some information between when you get on Wi-Fi and when you connect to the VPN but generally speaking encrypting web traffic is going to get around a lot of these issues and as long as using and actually trustworthy VPN that is going to protect your data you should be pretty safe because this is so new there actually aren't a lot of patches that are available for you to download just yet so Google is working on an Android patch which will be coming soon however that's going to be going to pixel devices and actually may take a while before it hits the rest of Android phones now Microsoft did update Windows 10 already for this however even though Windows is patched some Wi-Fi drivers may also need to be updated you can definitely expect other companies to follow suit quickly with updates for their products so you consider that pretty much everything in the world that connects to Wi-Fi is vulnerable to this it's going to take a while and if you have an order device you might just not be able to get an update at all thankfully this can be fixed with software updates but for now make sure you're using HTTPS and if you're really worried you can consider using a VPN so if you guys are interested in more info on hacking actually recently did an entire video all about it so be sure to go check that out and I will catch you guys in the next one