Sign up to our newsletter
The WPA2 encryption scheme has been broken leaving Wi-Fi connections open for would-be attackers who could use an attack to read information that was previously believed to have been secure because it was encrypted.
‘KRACK’ or Key Reinstallation AttaCK, as it has been labeled, means third parties could eavesdrop on a network meaning private conversations might no longer in some circumstances be so private as Wi-Fi traffic passing between computers and access points could be picked up by cybercriminals that are within range of the Wi-Fi of a potential victim.
This will be a major problem for companies and their IT departments as they scramble to protect themselves. Fortunately, for them, they should have experts within their teams that should be able to get to grips with the issue.
Unfortunately, those that might suffer most from the WPA2 issue could be family and friends who have older routers at home or in small businesses, that are desperately in need of firmware upgrades. However, Alex Hudson over at alexhudson.com has some sage advice for those who might fear for all things internet related if these rumors are indeed true:
“Secure websites are still secure, even over WiFi; think about setting your computers to “Public Network” mode – that increases the level of security on the device relative to “Private / Home Network” modes. Remember, if third parties can get onto our home networks, they’re no longer any safer than an internet cafe; if you’re paranoid about your mobile, turn off WiFi and use mobile data when necessary; it sounds like no similar attack against ethernet-over-mains power line is possible, so home networks based on mains plugs are problem still ok; keep computers and devices patched and up-to-date.
ESET senior research fellow David Harley says of Hudson’s advice, “treat your own network as if it were a public network and configure your computers accordingly. Many home users would probably not be unduly inconvenienced that way, or will at least be able to work round likely difficulties, but businesses, even relatively small ones with a single small LAN, would tend to be hit harder”.
It is hoped that large vendors will be able to release new firmware that will diminish the impact that ’KRACK’ will have.
The question will arise though: Do we now need WPA3? Well the short answer is not yet. Thankfully the issue can be addressed, and be patched in a backwards-compatible manner. This will mean that WPA2 will not need to be replaced just yet.
Author Shane Curtis, ESET