How many of you have been advised to secure your Wifi network to stop persons from gaining access to your private information.  WPA2 (Wi-Fi Protected Access 2) is the current industry standard that encrypts traffic on Wifi networks and has been the WiFi option for security since 2004 and these networks are everywhere!!

It has now been revealed that our secure WiFi network is no longer secure.  They are now subject to what is called a Key Reinstallation AttaCK or KRACK attack.  In this attack you are tricked into reinstalling a key that is already in use.

This is done by manipulating and replaying handshake messages.  (techcrunch.com).

A handshake is needed when a computer communicates with another device like a modem or printer (en.wikipedia.org), or in the case of the internet another computer.  The problem has been identified in the WPA2’s protocol called “four-way handshake.” It is in the generation of a new encryption key that the attacker tampers with messages being sent.  (wired.com).

This “Four way handshake” vulnerability means that there are possible KRACK attacks for most WiFi enabled devices out there which includes Android and Linux devices.

However most current versions of iOS and Windows are not vulnerable because of the way Apple and Microsoft has implemented their WPA2 standard.  Their implementation prevents resends of the third handshake message (Wired.com).  For more information about specific products consult the database of CERT/CC (techcrunch.com)

Unfortunately for consumers changing your password or getting a new router would not protect against KRACK attacks.  To protect yourself it is advised to continue using the WPA2 protection for the protection it does provide but install updates for your devices as soon as they come out.  Also you should only share sensitive data with sites that use HTTPS encryption.

As a recap the article notes the following:

1. Wifi Networks secured using WPA2 encryption is vulnerable to a KRACK attack
2. Changing my password or buying a new router will not protect against this attack
3. Continue using the WPA2 encryption
4. Install device updates as soon as they are released
5. Only share sensitive data with sites that use HTTPS

If technology articles such as these are of interest to you, please enter your email address below.  Your subscription is free and gives you access to our monthly newsletter, telecommunications or technology articles published as well as telecommunications promotions that are run from time to time.

https://www.wired.com/story/krack-wi-fi-wpa2-vulnerability/

https://en.wikipedia.org/wiki/Handshaking

 

Social Media Messages

Security Breach in your Wifi Network.  Here is what you can do.   (Facebook & Google plus)

With so many persons accessing the internet using Wifi can we do anything to keep safe from the KRACK attack (Facebook & Google plus)

With so many persons accessing the #internet using #Wifi can we do anything to keep safe from the KRACK attack (Twitter)