Critical Vulnerabilities Found In Common WPA2 Wifi Security Standard
Researchers at KU Leuven released research that details widespread vulnerabilities in WPA and WPA2 standards that secure most wi-fi connected devices. Named KRACK or key reinstallation attacks, attackers use these vulnerabilities to read private information that would normally be safely encrypted and sent out over the internet. For example, if a user makes an online purchase using their credit card, the attacker could view this information. Additionally, attackers could use these vulnerabilities to inject ransomeware and other harmful maleware onto user’s devices depending on the user’s network configuration.
Here is a demo of the exploit in action provided by the security researcher who discovered the vulnerabilities:
The vulnerabilities detailed in WPA2 through the KRACK exploits affect everything from wireless access points, wireless routers, as well as smart devices such as smart thermostats and lights.
In the coming days to weeks, vendors of affected devices will issue new firmware and software patches to address the issue. A list of vendors and the status of the availability of patches to fix this issue can be found here. This means that users will need to do the following:
-Update their router and wifi device firmware – This includes any and all wifi devices such as smart TV’s, routers, thermostats and other internet connected devices
-Update their operating system
–Install plugins such as HTTPS Everywhere – By installing this plugin into your browser will be forced to use the more secure HTTPS standard in the browser. However please note this has been found to be bypassed with these vulnerabilities in a number of instances so it is not a sure fire route to protecting WPA2 traffic against KRACK.
Until updates are available, using a hard wired ethernet connection to your router is the only guaranteed way not to be affected by these wifi vulnerabilities.
If you have any more questions on how to protect yourself better please contact your neighborhood computer store today or call us at (706) 955-0601