Computer scientists at the University of California, Riverside, have discovered a security flaw that affects all Wi-Fi routers. Hackers could exploit the weakness in the transmission control protocol (TCP) and perform a web cache poisoning attack to steal passwords, login information, and other private data. Unfortunately, a fix isn’t possible, as the vulnerability stems from a 20-year-old design based on TCP and Wi-Fi. To prevent hackers from using the exploit, researchers recommend that manufacturers build routers that operate on different frequencies for transmitting and receiving data.
Fortunately, this attack technique won’t work with encrypted sites that use HTTPS and HSTS. Users on Ethernet connections are similarly not affected. Given that the attack won’t work on encrypted sites, most users who browse the internet on a modern browser shouldn’t be affected. Many browsers, including Google’s Chrome, already warn users if they visit an unencrypted site.