Security Protocol That Protects Majority of Wi-Fi Connections Has Been Hacked: How to Protect Yourself
October 2017 by Marty Kamden, CMO of NordVPN
The security protocol currently used to protect the vast majority of Wi-Fi connections has just been broken – meaning that hackers who are within physical range of someone’s home can crack anyone’s Wi-Fi password, spy on their Internet activity and intercept any unencrypted data streams.
This is due to a severe flaw in the WPA2 protocol, and the proof-of-concept exploit is called KRACK (Key Reinstallation Attacks). It allows hackers to eavesdrop on any Wi-Fi traffic passing between computers and access points.
US-CERT has recently distributed an advisory to about 100 organizations, warning that the discovered weakness can allow an attacker to decrypt network traffic from a WPA2-enabled device and hijack connections. Depending on the network configuration, it is also possible that hackers could inject and manipulate data.
The attack works by exploiting the four-way handshake used to establish a key for traffic encryption. During the third step of the process, the supposedly unique key can be resent multiple times. If a hacker can get it resent in a certain way, they can reuse it in a manner that completely undermines the encryption.
“Past experience shows that these types of vulnerabilities don’t get easily fixed,” said Marty Kamden, CMO of NordVPN. “Home Wi-Fi users are especially vulnerable, as they do not have enough information on how to deal with the threat. ISPs can take years to switch to routers with a safer protocol. That’s another situation where users should take their Internet security into their own hands. Everyone should assume that their network is now vulnerable, and take precautions. Virtual Private Networks – VPNs – remain the strongest defense from these types of vulnerabilities.”
A VPN will add an extra layer of security on the entire device by rerouting one’s online data through a ‘tunnel’ secured with military-grade encryption, ensuring that no third parties can eavesdrop on it. However, a VPN will not help if configured on one’s router. A user’s devices must be connected to the VPN from within the user’s network.
“Internet users should also look for firmware patches for their routers. Depending on their configurations, they could be potentially exploited,” added Marty P. Kamden.