A flaw in the WPA2 security protocol that secures Wi-Fi communications has been exposed, potentially rendering all devices that use Wi-Fi, including home networks, vulnerable to attack.
A security researcher, Mathy Vanhoef, from Belgian university KU Leuven, discovered the weakness, dubbed "KRACK" - which stands for Key Reinstallation Attack - and made the details public
on Monday, 16 October, though he discovered the flaw in August.
It’s unlikely that hackers will exploit the flaw immediately given that it’s quite complex to carry out. That said the potential for harm is certainly there and it’s an issue that people need to be aware of.
What is WPA2?
- WPA2 stands for Wi-Fi Protected Access 2
- It is the current industry standard for protecting traffic on Wi-Fi networks
- WPA2 encrypts data travelling across Wi-Fi networks and stops hackers from eavesdropping on communications
How serious is it?
It’s potentially very serious. However, that said it’s an area for concern rather than panicked alarm.
- Because the vulnerability is in the protocol itself, rather than any specific device or software, it means that all networks and devices using WPA2 are vulnerable.
- We can’t put a precise figure on the number of vulnerable devices but it’s likely to be in the tens of millions worldwide.
- WPA2 is used in home networks, small business networks and millions of Wi-Fi enabled devices especially smartphones, tablets and other mobile devices.
- In short, if a device supports Wi-Fi it’s likely to be affected.
Which devices does it affect?
The vulnerability affects a number of operating systems and devices including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others.
That said different devices and operating systems are impacted to differing degrees depending on how they implement the WPA2 protocol:
- Android 6.0 (Marshmallow) and Linux are among the worst hit due to a further bug that results in the encryption key being rewritten to all-zeros
- Apple iOS and Windows are among the most secure, since they don’t fully implement the WPA2 protocol.
However, all devices and software that uses the WPA2 protocol are vulnerable to some extent.
What can hackers do?
The flaw potentially allows hackers to carry out a range of attacks:
- Specifically these are decryption, packet replay, TCP connection hijacking and HTTP content injection among others.
These are technical terms but the impact is potentially the theft of:
- Credit card numbers
- Chat messages
- Photos and so on
How likely is this to happen?
It’s going to take time for potential hackers to get to grips with the flaws and how to exploit them. It involves hacking the cryptographic protocols and its complex, so we’re unlikely to see hacks within a day or so. Further:
- The attacker has to be physically close to the target.
- The flaw however does not compromise connections to secure websites, such as banking services or online shopping – accessing secure websites over Wi-Fi is still safe.
- Insecure connections to websites which do not display a padlock icon in the address bar should be considered vulnerable.
What does it mean for my router and other equipment?
- Many wireless routers are rarely updated.
- Find out the make and model of the home router and check the manufacturer’s website for updates.
- Contact the manufacturer or router provider directly if you can’t find any information and press them on when they are going to provide a patch and how you can apply it
- Companies such as Apple, Google, Microsoft and Linksys were made aware of the flaw at the end of August, giving them about six weeks to develop and apply patches.
- Relevant Microsoft updates will be applied automatically
- Google said it is aware of the issue and will be patching affected devices within a short time, that is, several weeks
What can I do?
- Don’t use insecure websites, that is, that those that don’t display the padlock symbol in the browser bar
- Don’t send sensitive information over a Wi-Fi network such as when accessing a banking website or when shopping online
- Use a Virtual Private Network (VPN). A VPN creates a secure tunnel between your computer and the internet protecting your data rendering the WPA2 breach irrelevant for your device. A VPN encrypts data as it travels from your device to the internet and back again making securing it against hackers.
If you’re a BullGuard customer you can take advantage of our partnership with one of the industry’s leading VPN vendors. Take advantage of the discounted offer today: Unlimited VPN