Wi-Fi Security has been hacked! (or at least weakened under very specific conditions)
In October, 2017 a University of Leuven researcher named Mathy Vanhoef showed how the attackers within the area of a legitimate wireless network could intercept and decrypt wireless transmissions. This is similar to a man-in-the-middle attack widely known in cyber security circles.
Current Wi-Fi uses WPA2 (Wireless Protected Access v2), the most secure Wi-Fi security protocol. Now, some Wi-Fi devices using WPA2 can have their transmissions decrypted or allow malware to be injected. Meaning, hackers can intercept & decrypt traffic from connecting devices thereby collecting people's passwords, credit card information, pictures and more, or implant malicious scripts into websites.
- Even many newer Wi-Fi enable devices are vulnerable. This includes smartphones like Android & iPhone.
- Be concerned about home wireless devices - home security systems, streaming players like Roku, wireless routers, Internet of Things (IoT) devices like Alexa, gaming systems can be targeted and so much more. Some of these may never receive patches from the vendor.
How to protect?
- Most responsible companies will provide patches soon so you can patch as soon as possible.
- Create a list of things requiring Wi-Fi updates. Request all vendors to supply updates.
- Always avoid using public Wi-Fi - because proximity is an issue and public Wi-Fi is always insecure.
- When browsing look for pages showing HTTPS (Chrome marks non-HTTPS web pages as "Not Secure" and Mozilla Firefox warns users when attempting to enter information into such forms.
Two small measures of comfort: Wi-Fi passwords are not compromised so hackers can't secretly join your home network and the hacker must be within radio frequency distance.
**An important note: the campus wireless network was patched with the vendor’s security update during ITS' emergency maintenance window on October 16, 2017.
More Information About KRACK Wi-Fi Hack
If you're interested in learning more read these articles.
- Motherboard. Lucian Constantin. KRACK For Dummies - What you need to know to protect yourself from the new KRACK Wi-Fi attack.
- Forbes.com. Zouhair Belkoura, CEO & Co-Founder, Keepsafe Software contributor to Forbes Blog. How to Protect Your Wi-Fi Devices from the Krack Vulnerability
- Varonis Blog. Michael Buckbee, Varonis Data Security. https://blog.varonis.com/krack-attacks/?utm_campaign=krack-attacks%2F&ut...
- AZFamily.com. What you need to know about the KRACK Wi-Fi hack.
- Time | Tech (video & article). Everything With Wi-Fi Has a Newly Discovered Security Flaw. Here's How to Protect Yourself.