WPA2 KRACK. What this means for your Wi-Fi.
You may have read in the news over the last couple of days that a vulnerability has been found in the way Wi-Fi works? In this article we discuss what has been discovered, the impact for you and what you can do next. Professor Vanhoef, leading researcher in networking security at Leuven University in Belgium, announced on Monday 16th October 2017 that he has proved a weakness in the WPA2 wireless protocol, which is used for all wireless computer communications in devices such as smart phones and laptops.
What is WPA2?
WPA2 wireless encryption has been considered as the most robust wireless security protocol used for wireless communications due to the way that algorithms scramble the dialogue between devices and routers. Previous protocols such as WEP and WPA use less advanced encryption methods and so the IEEE set the industry standard to WPA2 in 2006.
The encryption method used under WPA2 constantly changes certain parameters within the data exchange between a device and a router and this is what generates the different combinations a hacker needs to break in order to see and possibly manipulate the data being transmitted. The longer your password using different characters, numbers and symbols, the more amount of combinations the algorithm generates and the harder the code is to break.
What is the KRACK vulnerability?
Before a device, such as your laptop, transmits data to your wireless router there is a process called a ‘handshake’ whereby credentials, means of communications and basic rules of engagement are agreed upon before a ‘connection’ is made and a ‘session’ begins between the two devices. Once this handshake has been completed, the data is encrypted and can then flow in each direction. If a hacker was able to manipulate part of this handshake, then they would be able to view and change the information passed over that connection and this is what that professor Vanhoef has found and named KRACK.
Since this is a vulnerability in the protocol and not a specific device, all developers and manufacturers who use this protocol have been exposed to the vulnerability. The large tech giants of Silicon Valley have been aware of this vulnerability since July 2017 and been working since then to create a patch to prevent the vulnerability. So far, Microsoft has already released their patch for their windows operating system. Apple has confirmed that all iOS and Mac OS, operating systems for iPhones, iPads and Mac computers, have already been patched in beta environments and will be released to consumers imminently. Google have also stated that the patches for android will be rolled out in ‘the coming weeks’ too.
What should I do now?
Firstly, you should ensure that all your devices and apps are up to date with the latest software and keep looking out for updates especially on your wireless devices over the coming weeks. If you have some wireless devices that have no way of updating the software, we advise you remove them from your wireless network. Most devices that have a mobile app as well as a local control should be ok once the developer has patched their app.
If you have data on a device that you feel you still want added protection from this vulnerability, then we recommend using a cabled connection from your computer to your router. Remember that this weakness is only exposed through Wi-Fi, which means that an attacker would have to be within your Wi-Fi network. If you have sensitive information on your mobile, then use your cellular data until the software patches have been released.
If your wireless router doesn’t allow for WPA2 encryption in the first place, we strongly recommend you upgrade your wireless router immediately since the previous protocols are significantly less secure than WPA2, even before this vulnerability came to light.
Lastly, now might be a good time to do a health check on your current passwords and set ups for your home network and devices. Weak passwords themselves are easy for hackers to compromise.
If you have any questions or concerns about the wireless set up in your home or would like more information then, please get in touch via the contact page on our website and we will be happy to advise you on the best course of action.