14 DAY TRIAL // The WPA2 (Wi-Fi Protected Access II) protocol that’s used by most Wi-Fi networks today has been compromised, and a way to intercept traffic between computers, phones, and access points has been found.
Today’s Internet and network connections rely on specific tools that are taken for granted, most of the time. From time to time, a way to compromise these protocols sends everybody running for the fences. Let’s just remember the OpenSSL problem, for just a moment.
Now, a similar problem has been identified in the WPA2 protocol that’s used by Wi-Fi networks. Whenever you connect your device to a Wi-Fi network, you are probably using the WPA2 security protocols, and you feel safe. Well, you shouldn’t feel safe at all. It turns out that the protocol is vulnerable and that communications between client and host can be intercepted.
WPA2 has been KRACKed
Security researchers have discovered a way to compromise the communications between a host and client that’s using the WPA2 protocol. According to a notification sent by US-CERT, via Ars Technica, says that “the impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others.”
The moniker for the attack is currently “KRACK,” although it not official just yet. And, as usual, there are good news and bad news, and the bad ones outweigh all the rest. The following vulnerabilities have been noted: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, and CVE-2017-13088.
This means that we should start to see patches for these problems soon, but it’s important to know that many of the devices we’re using today, like routers, for example, won’t get these patches.
How to protect yourself
If you’re worried about your router, there is nothing that you can really do about it. Check to see that if you get an update and if not be prepared to get a new one that’s protected.
The same goes for phones, tablets, PC, and all the rest. If you have an old device that’s not receiving updates anymore, you’re going to be exposed to this issue as well.
It’s important to mention that if you’re using a Wi-Fi network to browse a HTTPS secured website, you should be fine, but anything else is problematic.
Please keep in mind that this new KRACK attack is a major one and that you need to keep an eye on patches and your security for now on, for the devices you own and are using the WPA2 protocol.
Update:
More details have surfaced regarding the newly discovered vulnerabilities, and researchers have published all the details and proof of concept on what is now the official website.
