KRACK: Is Our Wi-Fi Secure?

On Monday, critical research was released on a serious weakness in WPA2 (“A protocol that secures all modern protected Wi-Fi networks”). Belgian researcher Mathy Vanhoef of imec-DistriNet discovered that an attacker within range of a victim can “exploit these weaknesses using key reinstallation attacks (KRACKs).”

KRACK would allow hackers to steal personal information, such as passwords and card numbers, from a user, and it could affect nearly all wireless devices. Large numbers of people are at risk. Vanhoef stated in his research that “Currently, all modern protected Wi-Fi networks use the 4-way handshake. This implies all these networks are affected by (some variant of) our attack. For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES”. However, he made it clear that you should not temporarily switch to WEP until devices are patched; continue to use WPA2.

The media and consumers alike have been thrown into a panic, wondering if they are at risk. But this raises the question: who is to blame? Matthew Green, a professor at Johns Hopkins University, stated that if we’re looking for someone to blame, “a good place to start is the IEEE” (Institute of Electrical and Electronics Engineers). He stated that one of the problems is that “the standards are highly complex and get made via a closed-door process of private meetings. More importantly, even after the fact, they’re hard for ordinary security researchers to access.”

So, what can we do? The main advice given is to update all of your devices and to contact your vendor if you have any queries. Both Google and Apple are working on security updates to fix the KRACK flaw. Microsoft also stated that a recent security update had fixed the problem for Windows 7, 8 and 10 users.

Do you think all the necessary steps to fix this are being taken? Or could this have been prevented?

