The newly-discovered Wi-Fi security flaw puts devices connected to the network at significant risk of hacks.
Now, more than ever, it has become vital for users to consider what alternative methods they can use to secure information over the network. According to the researchers, an attacker within range of a victim can exploit the weaknesses using key reinstallation attacks (KRACKs).
“All protected wi-fi networks use the four-way handshake to generate a fresh session key and so far this 14-year-old handshake has remained free from attacks,” writes Mathy Vanhoef, from Belgian university, KU Leuven describing Krack (key reinstallation attacks).
“Every wi-fi device is vulnerable to some variants of our attacks. Our attack is exceptionally devastating against Android 6.0: it forces the client into using a predictable all-zero encryption key.”
>See also: Time to review your economy class Wi-Fi?
Simon Migliano, head of Research, Top10VPN.com explained the vulnerability of this weakness and highlights how consumers can look to protect themselves when using wireless Wi-Fi.
“Now that Wi-Fi security has been compromised, using any kind of shared network now severely risks your privacy – even if it is password-protected.”
“When you connect to the Wi-Fi in your local coffee shop or the airport, it’s now much easier for hackers to force you onto a cloned network that they control without you realising anything has happened.”
“With your internet traffic now exposed, it’s easy for hackers to steal your personal information. Even encrypted sites on HTTPS are not necessarily safe as in this kind of man-in-the-middle attack, hackers can neutralise the security from such sites allowing interception of log-in credentials.”
This ‘severe’ security flaw means that home networks will be under significant risk. Indeed, computer security experts are on high alert after it emerged encryption algorithms designed to protect people’s privacy online have been cracked.
“The easiest way to protect yourself is to use a Virtual Private Network (VPN),” continued Migliano. “This creates an encrypted tunnel between your device and a VPN server which then routes you onto whatever website or app you are trying to access. This means no-one else on the local network can see what you are looking at or intercept your private data. The best part is, it takes seconds to switch on this tiny piece of software on the device.”
“Using a VPN on open networks has long been common sense but with this new and severe security issue, using a VPN on any network is just as critical as using anti-virus software. Connecting to shared Wi-Fi without a VPN now is just asking for trouble.”
History repeats itself
In 2001 a vulnerability exposing the Wi-Fi security protocol WEP was cracked, and it was soon deemed unsafe to use. Storing personal data and using networks on this protocol was now longer an option.
“Here we are 16 years later and it appears the seemingly trusted protocol WPA2 is going the same way,” commented Mark James, security specialist at ESET. “WPA2 is currently the recommended option for securing your WI-FI network; the flaw, if successful, and if you’re not using any other advance features ( VPN, encrypted data etc) could enable a hacker to eavesdrop on your data and or possibly gain access to any unsecured shares available on the same network.”
“One of the biggest concerns here of course is getting routers patched- firstly getting the average user to check and apply any firmware updates and secondly, some older routers may not even have a patch available- the average household would acquire an auto-configured router, install it and forget about it, until possibly they change their internet provider. Here, they may go through the same procedure; too many people never check or implement router updates as it’s something often too complicated for the home user to be involved in.”
“This certainly highlights the need for additional safety precautions; always where possible, password protect your network resource shares, even if you don’t think anyone else would normally access it- after all it’s not the ones you know about that are the problem. If you can use a VPN to secure any private or financial traffic, that should secure your data from prying eyes.”
The Women in IT Awards is the technology world’s most prominent and influential diversity program. On 22 March 2018, the event will come to the US for the first time, taking place in one of the world’s most prominent business cities: New York. Nominations are now open for the Women in IT USA Awards 2018. Click here to nominate