For the last week, the web has been aflame with seeming panic over the revelation of a severe vulnerability in the WPA2 security protocol. Following weeks of other bad news in the tech security world, it would have been easy to believe that those plugged into the issues would begin feeling jaded about them. Instead, though, a passionate and rapid response began to circulate through the web. Despite widespread panic on social media, computer security experts all across the world began to address and disseminate information on the vulnerability that, rightfully, caused fear among users across the world.
How Was WPA2 Breached?
WPA2 protocols were breached by using what have now been named KRACKs. KRACK stands for key reinstallation attack, and it involves tricking routers, modems, smartphones, and computers into needing to reinstall their security keys. When this process is initiated, the hacker is able to force the devices to use expired keys, giving them complete access to all data traveling across the network.
Researchers who uncovered the vulnerability were able to then bypass HTTPS protocols, gaining access to banking information, app data, and information sent from computer software across all OS. Android and Linux devices were particularly vulnerable to KRACKs. According to research done on KRACKs, all devices using modern WPA2 protocols are vulnerable, meaning the revelation was earthshaking within computer security circles and beyond.
With Android and Linux Most Vulnerable, Who Is At Risk?
As mentioned above, the flaw is in the protocol, not in individual devices, though certain devices can be more vulnerable than others. However, despite widespread vulnerability, KRACKs can only be undertaken if an attacker is able to get within range of the victim’s Wi-Fi network. This puts a limitation on those who are at risk.
While attackers with a targeted vendetta could, of course, use KRACKs as a way to victimize private citizens, in truth those at greatest risk are users of public Wi-Fi and major private Wi-Fi networks. On heavily accessed networks, attackers can easily intercept large amounts of private data from many users at once. While it is unlikely that everyday users in their homes would be targeted, computer security in locations like coffee shops, airports, and workplaces could be subject to more dangerous data theft.
Is There a Fix? What Can a User Do to Protect Themselves?
While there isn’t a quick fix to the WPA2 vulnerability, there are a number of steps users can take in order to improve their computer security. First off, users should avoid passing any vital data over public Wi-Fi networks or major shared networks for the time being. For home networks, ensuring all router and modem firmware is updated is important, but users should also ensure they are using the latest version of their operating system. So far, it has been operating system developers who have acted the quickest on this particular issue of computer security.
Microsoft, Apple, and various companies distributing versions of Linux have already implemented countermeasures to help reduce the effects of the WPA2 vulnerability. A number of router manufacturers have also released updates designed to patch the vulnerability until a systematic change can occur.
What Makes This Vulnerability Unique?
As with the Equifax security breach, the WPA2 vulnerability discovery has brought conversations of systematic vulnerability to the forefront of computer security discussions. In this particular case, the vulnerability was not caused by a faulty machine, buggy program, or careless employee. Instead, the WPA2 vulnerability was caused by a complex oversight in the development of a security standard that is nearly universal for routers around the world. The vulnerability in WPA2 went undiscovered for years, which raises questions as to whether there might be other major breaches of computer security just waiting to happen.
In the story of the Equifax breach, it became apparent that placing the security of an entire system onto a single link in the chain of corporate command is irresponsible and unfair. In the current issue with WPA2, it is becoming apparent that the same rules for security standards. Users who hope to protect their data cannot simply rely on a single avenue of defense.
As a society, public viewpoints on computer security has always been tenuous. It is only recently that it became standard for cable companies to encrypt home Wi-Fi networks by default upon installation. Previously, it was very common to open your phone’s Wi-Fi menu and see handfuls of unsecured networks while walking down a neighborhood street. The sudden barrage of major information theft is making the public aware of the need for more stringent, teachable, and easily implemented security options.
While it has come at a great cost, the public at large is becoming more aware of issues of computer security, which means, hopefully, that the future will be one of secured, interconnected devices operated by educated users with multiple lines of defense protecting their private data.
If you want expert help securing your website, www.nixa.ca is the site you need to visit. Our team of professional developers can help you make the security decisions that will protect you for years to come.