A major new vulnerability has been announced today that breaks all wireless networks. This is a serious issue that requires everyone’s attention, as you are affected by this security flaw.
What is Affected
WPA2. The technology used to create a secured connection between your wireless devices and the network.
Who is Affected
Every device that uses wireless (wifi) connections.
What Happened
A method has been found that allows an attacker to setup their own wireless network which looks to your device like the trusted network it usually connects to, AND forces your device to connect to it and not the real trusted network.
Why it’s Bad
We’re not talking about one vendor screwing up. This is a flaw in the way the technology was designed to work from the very beginning. Every vendor that implements WPA2 (and all wireless device vendors do) uses the same core technology. It’s that core technology that is broken.
The attacker can now see everything you’re doing. Every file you transmit online. Every picture you send/receive. Every website you visit. In addition, the attacker can install malware on your device, in some cases can break the HTTPS security of sites you visit.
What You Do Now
Right Now the only thing you can do is crank up your vigilance.
1. If you can, use a hard-wired connection to your network.
2. Turn off WiFi on all devices.
3. Where you absolutely must use WiFi, make sure any websites you connect to are secured. Different makes/versions of web browsers have different methods of confirming a website’s security. Make sure you understand how your browser does this.
4. If you do other online tasks, such as transferring files, video, chat, phone calls, etc, understand the tools you use and verify the security for them isn’t broken. (Really, it’s best to not use WiFi for these tasks until this problem is fixed.)
5. VPN software will encrypt all your data, so if you absolutely must use a wireless device, get a good VPN software right now.
Short to Long Term: Make sure you keep up with the vendors of all your devices. Routers, Cell Phones, Laptops, Desktops, anything and everything that you use to connect to a network via WiFi will need to get an update from the vendors of the hardware. It will take some time for these updates to roll out, though some vendors have already released some updates. We’ll be dealing with this for a long while. Until you have installed an update from the vendor that specifically addresses this issue, consider that device unsafe for WiFi.
The Good News
This is a very targeted attack. This attack requires the attacker to close to the target. Because this a WiFi-based attack, your device has to be within wireless range of the attacker – a few hundred feet at best.
This vulnerability was announced today. More information will come out over the next few days to weeks. Stay tuned.
If you’d like more details, check out these articles:
https://www.krackattacks.com/#paper (Original source that found the security hole)
https://www.schneier.com/blog/archives/2017/10/new_krack_attac.html
