It sometimes seems that when the media covers the world of technology security, it throws itself from breathless reporting on one terrifying vulnerability to the next. Short of inspiring responsible vigilance in the average user, this kind of coverage can contribute to a certain degree of paranoia, or worse, numbness to the vulnerabilities that can endanger our data and privacy. The news this week was of a vulnerability discovered by a tech research group that means many Wi-Fi networks may be susceptible to attack and hacking. So, what does this news mean for you and what steps can you take to make sure that your home and office networks are secure?
- What is WPA2?—The vulnerability you may have heard about this week—named “KRACK” or Key Reinstallation Attack—is a weakness within WPA2. WPA2 is now the most common type of Wireless network security. Short for Wi-Fi Protected Access 2, WPA2 is a system used for encrypting wireless networks and uses a password to unlock the encryption for users. When it is working properly, this means that someone within range of a WPA2 network who does not have the password can see the traffic being transmitted on the network, but it is all scrambled with high level encryption.
- What is “KRACK?”—The vulnerability in question, without going into too much technical detail, would require an attacker to be within range of the wireless network to intercept a one-time use key that is sent from the router to a user signing onto the network. The good news is that that the window for this vulnerability is pretty small—the attacker needs to be physically close and go to great lengths to intercept and utilize the one-time key to break the encryption. Though the researchers who found the vulnerability discovered it months ago, there is little evidence that anyone has been using it to carry out attacks. Of course, the internet being what it is, there are already YouTube videos online that seek to teach would-be hackers how to use this weakness.
- What is being done to stop it?—Tech giants Apple and Microsoft have already released patches that help to address the security vulnerability. This latest story is yet another reason that we always urge users to keep their devices up to date with the latest updates. Many router manufacturers have developed or are developing firmware updates to close the security loophole. The biggest vulnerability right now is probably for mobile devices currently using the Android operating system.
- What should you do?—The chances that you will fall victim to this sort of attack are very slight, given the logistics required to launch it, but if you want to stay on the safe side, there are some steps you can take. Android users especially should try to avoid using Wi-Fi in public places like coffee shops, airports or other businesses and instead stick to your mobile data. It is also, as we stated previously (and many times in the past) a good idea to make sure that you have the latest updates on all your devices and that you are only using devices and operating systems that are still receiving active software support from software companies. The other critical safeguard you should consider is simply ensuring that critical data is not kept on a single device with no backup—there is always the potential for a device to be lost, damaged or breached and if that happens, you will save yourself a world of hurt by having a backup in the cloud or on an external device.
The takeaway from the news of the “KRACK” vulnerability is really the cementing of truisms when it comes to technology: It always pays to be careful and take your security seriously, but no matter how secure you are, there is no substitution for vigilance, maintenance and a good backup. The final takeaway of course, is that if you are unsure of what to do, it is always best to turn to an expert. If you have questions about your Wi-Fi security or anything else, you can always contact the techs at Mankato Computer Repair.