WI-FI HAS BEEN HACKED, AND IT IS A VERY BAD THING!
Wi-Fi, the wireless data transfer technology that everyone uses on a daily basis, is in trouble. The WPA2 security protocol – a widespread standard for Wi-Fi that is used on nearly every Wi-Fi router – has apparently been hacked.
The details on the hack, which is called KRACK or Key Reinstallation Attacks, are to be released on the site www.krackattacks.com, but according to a new advisory by US-CERT via Ars Technica, there are "several key management vulnerabilities" in WPA2, allowing for "decryption, packet replay, TCP connection hijacking, HTTP content injection." The worst part of it all? Well, these are "protocol-level issues," meaning that "most or all correct implementations of the standard will be affected."
Once more details are available on KRACK, we will know more, but if it turns out that one can use this exploit in a fairly simple and reliable way, then this will be one of the biggest online threats ever!
To understand why this will be a big threat, Wi-Fi used to be secured with a standard called WEP, which was found to be vulnerable to a multitude of attacks, many of which do not require the attacker to have a physical address to the Wi-Fi equipment or even be connected to the network. If your Wi-FI is protected by WEP, there is a choice of simple mobile and desktop apps that crack your password in seconds (no matter how long or complicated it is).
Due to these security issues WEP had, it was replaced with WPA and later with WAP 2, which is far more secure. Though there were ways to crack a WAP2-protected Wi-Fi router, if your password was long and complicated enough, it made it a lot harder or nearly impossible to do.
One hacking tool, called Reaver, can track WPA2-protected routers no matter what password, but it is fairly easy to protect your router, you simply turn off a feature called WPS.
If this latest vulnerability is similar to the way WEP is vulnerable, which it looks like it might be at the moment, then it will not matter how strong your password is. This would make hundreds, if not millions of routers out there, open to hackers.
If you care about security, you should not use Wi-Fi at all until it is fixed. At the very least you should use HTTPS connections, wherever possible and a good VPN might add another layer of security.
Fixes to these types of things do not come easy. Some routers will probably get a firmware update, but a lot of home users might not know how to apply it or be aware that this is a threat.
We'll know more about the announcement soon, so stay tuned for updates.