WPA2 KRACK leaves your device vulnerable on every WiFi network

Posted on Oct 16, 2017 by Caleb Chen

Wi-Fi Protected Access II (WPA2) has been proven to be insecure, leaving your device vulnerable on pretty much all wireless networks, whether they are public or private. WPA2 KRACK, a Key Reinstallation Attack, was discovered by Mathy Vanhoef and Frank Piessens of imec-DistriNet, KU Leuven. More details about the vulnerabilities can be found in their detailed WPA2 KRACK paper. The same caution that internet users have long been told to exercise on public WiFi networks must now be exercised on any WiFi network, because wireless security is currently cracked.

Encrypting your traffic with a VPN is the easiest way to protect your device when using a WPA2 “protected” WiFi network. Alex Hudson explained the security ramifications of a cracked WPA2 protocol concisely:

“What this means: the security built into WiFi is likely ineffective, and we should not assume it provides any security.”

WPA2 KRACK makes waves in the internet security and privacy world

How did this WPA2 vulnerability go unnoticed for so long and fall through the cracks, so to speak? Dr. Matthew Green from Cryptography Engineering noted in a blog post titled “Falling through the KRACKs”:

“If you’re looking for someone to blame, a good place to start is the IEEE. To be clear, I’m not referring to the (talented) engineers who designed 802.11i — they did a pretty good job under the circumstances. Instead, blame IEEE as an institution.”

The revelation that WPA2 is broken means that all wireless networks should be considered vulnerable, which was always a safe default assumption anyway. Public WiFi security isn’t just for public WiFi hotspots anymore. Now, your home network and older devices are just as vulnerable to attack. Whether you’re using wireless publicly or privately, making sure that your traffic is encrypted by using a VPN is now an essential startup step. The media has taken note of the sorry state of WiFi security.

Jerry Hildenbrand from Android Central summarized your best option:

“If you have a paid VPN service that you trust you should enable the connection full-time until further notice.”


1 Comment

  1. Roland

    It’s nice to know that having PIA I am protected against this attack as my data is still encrypted.

    7 years ago