Security experts warn: Security of wireless wi-fi using WPA2 cannot be considered safe. Researchers warn that the vulnerability, named KRACK, suffers virtually all wireless networks today. The problem has computers, mobile phones, routers, smart TVs and other devices.
“I have discovered a serious vulnerability in the WPA2 protocol, which provides all modern protected wi-fi networks,” said Mathy Vanhoef, a security expert at Imec-Distrinet at the Catholic University of Belgian Leu.
“The attacker who is within reach of the victim (tens of meters) can take advantage of this vulnerability, and by using Key Reinstallation Attacks (KRACK), it can read information that has been previously considered to be securely encrypted, ” writes Vanhoef
Virtually all devices on the market suffer from this vulnerability (list at CERT.org). For example, attackers verified the attack functionality on Android, Linux, Apple, Windows, OpenBSD, and more. A detailed description of the error is available for download in PDF.
How to protect your Wi-Fi against KRACK:
- Use secure HTTPS wherever possible. For example, you can use the extension for your browser HTTPS Everywhere by EFF.
- Each Wi-Fi network (including your home network) is considered unsecured until the corresponding patches are issued
- Temporarily set your wi-fi wireless network you’re connecting to as “public” instead of “home”
- When the operating system update is available, install it.
- For the next level of security, you can use VPN.
For network providers
- Do not rely on WPA2 security as the only security
- Ensure that the manufacturer has not issued a firmware update or patch for the operating system being used
- For highly sensitive transmissions, select the network cable, not the wi-fi
- The most important thing is to update the software on the end devices
Available patches against KRACK:
According to The Verge, some companies, including Microsoft, have already repaired the vulnerability of their products: “Customers with active automatic updates are protected from this vulnerability,” The Verge quoted.
According to AppleInsider, the vulnerability is patched in a beta version of the current operating systems. The fix should go public in a few weeks, so iOS and macOS devices aren’t in the clear just yet.
Google has promised a fix for affected devices “in the coming weeks.” quoted The Verge.