All Wi-Fi networks are now potentially vulnerable to a newly found security flaw in the Wi-Fi Protected Access 2 (WPA2) security protocol. It is the first time a flaw has been found within the encryption standard, which has been widely used to secure Wi-Fi networks since 2003. The security flaw, known as a Key Reinstallation Attack, or Krack, affects Apple, Android, Windows and Linux operating systems, putting all computer users at risk.
What is WPA2, and why is it vulnerable?
WPA2 is widely recognised as one of the safest methods to secure wireless traffic between a router and a device. It uses a four-way handshake to set up an encrypted channel between your device and the router to ensure that no-one else can intercept and decrypt the traffic. A researcher from the University of Belgium, Mathy Vanhoef, has discovered a way to install a new key used to encrypt network communications, allowing hackers access to the data.
Krack poses a risk to your online security
The attacker has to be within range of the Wi-Fi network to launch a successful Krack attack. Attackers can’t obtain your Wi-Fi password; they can only intercept and read traffic that passes between the user and the wireless router. If users are sending traffic over the network that isn’t separately encrypted (with HTTPS, a VPN, etc.), the attacker could view that traffic, including passwords, credit card details, bank details and other sensitive information you send over the Internet.
You should update all your devices, including mobiles, tablets and laptops with the latest security patches – there is a link to the most up-to-date patches at the bottom of this article.
Traffic to websites that have been properly encrypted using HTTPS can’t be decrypted, so online banking and most e-commerce transactions will remain secure. Public Wi-Fi is considered the riskiest, so if you plan to work from a coffee shop, a hotel or an airport, for example, it might be best to avoid sending sensitive information until you know that routers and operating systems have been patched, or to use a VPN.
Things to do:
- Make sure your network is protected using a strong and memorable password. If you don’t have a password, you are vulnerable to more attacks.
- If you are working from a coffee shop, hotel or other location that offers Wi-Fi, only connect to secure networks. You can tell if a network is secure if it has a small padlock next to the network name.
- Most banking and online shopping websites use Secure Sockets Layer (SSL) encryption and are protected against this vulnerability. You can tell if a website is using encryption by the little padlock in the top left of the screen in the address bar.
- Update your router. It is always best to check which firmware your router is running, and if you need to patch it, always download software from the manufacturer’s website.
- Use a trusted Virtual Private Network (VPN). If you are really concerned and need a short-term fix, we suggest routing your traffic through a VPN.
- Connect to the network using an ethernet cable. If it’s not possible to do so, i.e. you are using a mobile device, switch to cellular data instead.
- If you have smart home devices, e.g. CCTV cameras at home, update the firmware. If the manufacturer hasn’t yet updated the firmware, consider unplugging the device from your network until a security patch becomes available. If, in a few weeks, you are still worried, contact the manufacturer and ask when a patch will be available.
- Work offline. If you are working in a location that offers Wi-Fi, but you are worried about a Krack attack, disable Wi-Fi and work offline until you are satisfied that your connection is safe.
List of Available patches – http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/