Your Wi-Fi Connection Isn’t As Secure As You Think
Pinterest Stumbleupon Whatsapp
Advertisement

The WPA2 encryption security protocol that protects your Wi-Fi connection has a flaw. And it’s a flaw that could allow hackers to intercept passwords, photos, emails, credit card information and more. It could also potentially be used to inject malware onto a website you’re casually visiting.

This is a potentially catastrophic vulnerability that could adversely affect almost anyone connected to the internet. And unfortunately, there isn’t a great deal any of us can do to fix the problem. Instead, we’re reliant on the likes of Microsoft, Google, and Apple issuing fixes sooner rather than later.

KRACKing the WPA2 Security Protocol

The WPA2 vulnerability, as discovered by security researcher Mathy Vanhoef of the Katholieke Universiteit Leuven in Belgium, has been codenamed KRACK. This stands for Key Reinstallation AttaCK, so-called because the vulnerability exploits the 4-way handshake which the WPA2 protocol uses to ensure that both the client and access points have the correct credentials.

As reported by Ars Technica, in essence, KRACK allows an attacker to force the client to reuse an already-used encryption key. Any encryption can then be bypassed, allowing the attacker to intercept any traffic, including sensitive data. They could, if they wanted to, also take the opportunity to inject malware into websites.

Because this vulnerability is in the WPA2 protocol itself, pretty much every device which connects to Wi-Fi is affected. However, because of the way they deal with encryption keys, Android and Linux are even more vulnerable to KRACK. Which is worrying given the sheer popularity of Android.

After discovering this flaw in WPA2, security researchers sent out notices to specific vendors in July. And then in August a broad notification was released with a warning that the vulnerability would be publicly disclosed today (October 16). Unfortunately, that doesn’t appear to have been long enough for most vendors to fix the problem.

Fixes Are Rolling Out… Slowly

Security fixes for the WPA2 flaw are already being rolled out. Microsoft has already released an update for Windows (8 and above), and Google will be issuing a patch in the coming weeks. So all any of you can do is update your wireless routers and other devices as soon as vendors issue these updates.

Unfortunately, not all vulnerable devices will be patched, and even if a fix becomes available the onus is on individuals to install the updates. And that means there will be millions of devices vulnerable to KRACK for years to come. Perhaps it’s time for the Wi-Fi Alliance to develop WPA3…

What do you think of KRACK? And are you worried about it being exploited in the wild? Should every company whose products are affected by this release a patch as a priority? Or do you think the threat is being overstated? Please let us know in the comments below!

Image Credit: Tony Webster via Flickr

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. James Howde
    October 17, 2017 at 12:01 pm

    Fortunately I'm somewhat protected by the crapness of my router. I'm sure I'd notice having to ask the bloke with all the eavesdropping equipment to move his head so I can see the Tele.

  2. David Martchouk
    October 16, 2017 at 7:46 pm

    This article makes it seem like cracking WPA2 is now really easy, does that mean the hacking instructions are now spreading like wildfire? Surely, many devices in many places of the world would then be hacked very soon , unless the hack is actually complicated and slow, which is it?

    Easy > popular, common, spreads fast, many attempts
    Hard > rare, hard to google for or find forum, only professional hackers will pull this off, only a few cases

    • dfghjk
      October 17, 2017 at 6:22 am

      wow