Beware: Connecting to a WPA2 Secured WiFi is Not Safe

Yolanda Curtis
October 20, 2017

It then resets the key and allows the encryption protocol to be test this loophole, researchers launched an attack and found that all modern protected Wi-Fi networks are vulnerable to this.

Traditionally, when security analysts discover vulnerabilities on software services and hardware products, they inform the affected company so the latter can issue the needed security updates before the vulnerability is made known to the public. A set of vulnerabilities has received the common name "KRACK" (Key Reinstallation Attack). This handshake ensures that the client and access point both have the correct login credentials for the network, and generates a new encryption key for protecting web traffic. WiFi networks record the MAC address of connected devices, these MAC addresses can easily be carbon copied to impersonate the mobile devices.

"Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted", said Vanhoef.

Attackers who successfully exploit the weakness - and mercifully that is hard to do, say experts - can cause havoc in a variety of ways. The data could include usernames, passwords, credit card details, emails, and more.

But Wired says there is "a glimmer of hope" in pioneering new mesh-network routers with less convoluted user interface and an auto-update function.

While there are no reports of the flaw being exploited now, the security flaw can be exploited on a larger scale to cause a mass attack.

Connections to secure websites, virtual private networks (VPN) and SSH communications are still safe, because the attack is unlikely to affect the security of information sent over the network that is protected in addition to the standard WPA2 encryption.

Vanhoef added that more work will be needed to prevent similar vulnerabilities in the future. Others like Google and Apple are expected to issue patches soon.

The Wi-Fi Alliance, which provides security information for Wi-Fi devices, said the issue can be resolved through straightforward software updates, "and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users". According to the company, users who apply the update or have had it installed through automatic updates to their devices will be covered.

Other reports by iNewsToday