By Shane Curtis
The WPA2 encryption scheme has been broken, leaving
Wi-Fi connections open to would-be attackers, who could read information that
was previously believed to be secure because it was encrypted.
‘KRACK’, or Key Reinstallation AttaCK, as it has
been labeled, means third parties could eavesdrop on a network. Private
conversations might, in some circumstances, no longer be so private, as Wi-Fi
traffic passing between computers and access points could be picked up by
cybercriminals who are within range of a potential victim’s Wi-Fi.
This will be a major problem for companies and
their IT departments as they scramble to protect themselves. Fortunately for
them, they should have experts within their teams who should be able to get to
grips with the issue.
Unfortunately, those who might suffer most from
the WPA2 issue could be family and friends who have older routers, at home or in
small businesses, that are desperately in need of firmware upgrades. However,
Alex Hudson over at alexhudson.com has some sage advice for those who might
fear for all things internet-related if these rumors are indeed true:
“Secure websites are still secure, even over WiFi;
think about setting your computers to “Public Network” mode – that increases
the level of security on the device relative to “Private / Home Network” modes.
Remember, if third parties can get onto our home networks, they’re no longer
any safer than an internet cafe; if you’re paranoid about your mobile, turn off
WiFi and use mobile data when necessary; it sounds like no similar attack
against ethernet-over-mains power line is possible, so home networks based on
mains plugs are probably still ok; keep computers and devices patched and
up-to-date.”
ESET senior research fellow David Harley says of
Hudson’s advice, “treat your own network as if it were a public network and
configure your computers accordingly. Many home users would probably not be
unduly inconvenienced that way, or will at least be able to work round likely
difficulties, but businesses, even relatively small ones with a single small
LAN, would tend to be hit harder”.
It is hoped that large vendors will be able to
release new firmware that will diminish the impact that ‘KRACK’ will have.
The question will arise, though: do we now need
WPA3? Well, the short answer is not yet. Thankfully, the issue can be addressed
and patched in a backwards-compatible manner. This will mean that WPA2 will
not need to be replaced just yet.