Don’t Use Public Wi-Fi Without Protection. Ever.
TODO ?>The Internet is abuzz with news of the latest Internet vulnerability, this time in a ubiquitous place – Wi-Fi Networks. While we already knew just how insecure Wi-Fi networks were, this latest discovery is raising alarm bells for a great deal of people.
What Happened?
It was recently discovered and reported that WPA2 networks (Wi-Fi Protected Access 2 – the current industry standard that encrypts traffic on Wi-Fi networks) are vulnerable to cryptographic attack. As described by Wired, “A flaw in WPA2’s cryptographic protocols could be exploited to read and steal data that would otherwise be protected…vulnerability even leaves room for an attacker to manipulate data on a Wi-Fi network, or inject new data in.” This means hackers can intercept information of users on these networks including passwords, data and other sensitive details like financial information. The hacker must be within proximity of the Wi-Fi network to obtain this information, but considering the large number of WI-Fi networks worldwide there is certainly a widespread risk.
The vulnerability is being referred to specifically as KRACK (Key Reinstallation Attack), and comes as a weak point that occurs in the “four way handshake.” This article provides some helpful detail on the technical specifics.
What It Means for You
Not all devices are impacted – iOS and Windows are not vulnerable because of how WPA2 is implemented – and Windows has reportedly already fixed the vulnerability. The problem here is not fixing the bug, but fixing it on a grand scale on all impacted devices. Inevitably, a great deal of them will never be patched considering the huge number of IoT items, smartphones, routers and other devices in existence. While some users have automatic updates turned on many do not, leaving users responsible for implementing fixing manually – a practice that is never consistently implemented.
What Can You Do?
Unfortunately, some typical “quick fixes” will not address the issue. Common user actions like changing your password or purchasing a new router will not remedy the situation. In this case, the manufacturers or developers are responsible for releasing patches and applying.
So aside from sit around and wait for your device maker to offer an update or patch, what can you do? Here are a few ideas:
- Use HTTPS whenever browsing: HTTPS indicates a secured connection so even if there is issue with your WPA2 encryption this will protect you
- Ensure you update your devices and software regularly and enable auto-updates when possible (this is a good practice in general)
- Use a VPN! A VPN encrypts your internet connection, so even if your WPA2 connection is insecure it provides another level of protection to keep your information secure at all times
Additional Thoughts
While this discovery is certainly alarming, it is not really anything new. Public Wi-Fi networks are frequently insecure, and statistically about 1 in 4 of them area not secured. While vulnerabilities are never positive, this latest discovery only draws attention to the larger issue – the insecurity of our connections and our willingness to use these connections in general. We have always recommended people take precautions while using public Wi-Fi – whether that be using a VPN, or avoiding public networks altogether – they have always come with risks.
Learn more about the dangers of public Wi-Fi in our previous content pieces:
Using Public Wi-Fi? You May Be At Risk!
Wi-Fi Not: The Dangers of Public Wi-Fi
Sources: Ars Technica, Wired