Most devices on Wi-Fi use one protocol to keep your communication secure. It’s called WPA2, and it has just been hacked. Much like last month’s Equifax breach the effect is so widespread the question is not whether you’ve been affected (you should assume you have), but what to do next. Also like the Equifax breach, the vulnerability was discovered months before it was actually disclosed to the public. So how do you limit your exposure in the latest breach? There are two actions you should be taking in light of the WPA2 vulnerability:
1. Install your patch updates: Primary targets for this vulnerability are Android and Linux devices, but macOS, iOS and Windows devices are impacted as well. Every Wi-Fi connected device should be updated once patches are issues, including your routers. Here is a running list of routers that have already patched the issue. Unfortunately a lot of older Internet-connected devices aren’t properly supported with regular software updates, which highlights the importance of the second rule to remember…
2. Keep sensitive traffic off Wi-Fi: It’s not advised to send your banking info, SSN or other sensitive data over any open Wi-Fi network (at a coffee shop for example.) The new reality is that no Wi-Fi network should be assumed to be safe, open or password-protected. While your device might be patched, the router you’re connecting to might not be. If you must use Wi-Fi stick to secure websites (check for https) at the beginning of the URL, but remember that wired connections are more secure.
So how does it work?
When a device joins a Wi-Fi network both the network and the device receive an encryption key to keep all of that device’s traffic safe. It turns out that key can be spoofed, which KRACK (short for Key Reinstallation Attacks) does. This allows all information sent over that Wi-Fi signal to be decrypted and viewed by a third party.
This wasn’t the first widespread vulnerability and it won’t be the last. Data breaches are an unfortunate part of the information age, and knowing how to limit your exposure is key.
If you still haven’t taken action after last month’s Equifax breach, check out John Oliver’s (always great) recap and action items…