The "secure" Wi-Fi standard has a huge flaw making millions of people at risk, including you! WPA-2 is the defacto standard security protocol for wireless devices like your phone, and router. If you have ever set up a Wi-Fi network you will have ticked the WPA2 box, either by default, or by recommendation.
When Was The Vulnerability Found?
The vulnerability was first found by Mathy Vanhoef and his team from KU Leuven. He found what is now known as "KRACK". It is less so a result of faulty or poor programming but more of a fundamental issue in how the entirety of the wireless WPA-2 security works.
WPA-2 works on a "handshake" system. This is where a key is sent to the Wi-Fi router from the connecting device and then another key is returned so that the device can connect. These keys are unique, making the connection secure as only one device can connect with one set of keys.
Luckily Windows and iOS will not be too badly affected by the discovery as they handle WPA-2 differently from other devices. Android 6.0, Linux and macOS will all be at risk, however.
How Does It Work?
When two devices connect they talk to each other and provide a secret key to one another, the flaw is that this code can be made to be issued twice, once to the device it should go to, and once to a device introduced by the hackers. This allows more than one device to connect, for example, to your router.
Once the code has be received then the hackers can use it to discreetly inject data, including viruses, as well as monitor and listen to all communications over the network.
The only known drawback for attackers is that they will need to be in WI-FI connection range to exploit it. And until a patch is released then that could be the only thing stopping them.
What Can I do?
Due to the nature of this flaw, changing your password will not keep attackers out. We strongly recommend updating your Firmware now to patch this flaw. Speak to the supplier of your equipment and ask for a Firmware patch, if they cannot help you, call us! We have been able to patch our customers' managed WI-FI within 48 hours of being made aware of the vulnerability, with zero impact on our customers.
Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide
Call us on: 01865 988 217