Digitpol, A cybercrime investigation firm based in Hong Kong and Europe has warned business owners to ensure Wi-Fi routers are secured, updated and the new security standard WPA3 is implemented. Digitpol’s digital forensic researchers recently detailed new types of Wi-Fi attacks which were discovered by investigating large data leaks, all of which occurred on the WPA2 security standard. The attacks allowed hackers to crack WiFi passwords on business grade routers regardless of how strong the passwords were set to.
The WPA2 security flaw is mainly due to specific routers which are common and found with outdated WPA2 password encryption. Research has also found 100s of routers sold in November 2018 are still using WPA2 security password encryption when WPA3 is now the security standard. Digitpol urges business and corporate agencies to purchase WPA3 Certified Wi-Fi routers.
Lately, WiFI attacks are more common in the business industry and have been discovered in major investigations. According to cybersecurity firm Avast, a vulnerability in MikroTik WiFi routers has affected nearly 2.5 lakh routers all over the world, which allows hackers to use resources for various cyber attacks and crypto-mining.
The report suggests that a total of 85,230 routers were affected by this in Brazil and 11,809 in India. According to Avast, this was done by exploiting the vulnerability of “CVE-2018-14847.” The operating system, Winbox that is used by MicroTik comes with this flaw and allow a hacker to go around authentication and gets the access to arbitrary files. After the attackers get the access, they can easily use resources for eavesdropping and crypto mining. InfectedMikroTik is one of the suspects for this.
Digitpol’s mobile forensic team are conducting WiFi audits for business in Hong Kong and Europe, the audit details the number of connected devices, security flaws, un-authorized devices, and instant upgrades. The audits have so far discovered out-of-date firmware allowing remote control, hijacked routers, modified firmware, many connected un-authorized devices, and an active interception. Digitpol has resolved the flaws and upgraded the security of dozens of WiFi routers but have advised businesses to purchase WPA3 approved routers to be future proof.