WPA2: is your Wi-Fi network at risk?
Proof-of-concept code exposes wireless security flaw
TWO BELGIAN RESEARCHERS have published details of a serious flaw in the WPA2 protocol, which helps keep Wi-Fi networks secure. Mathy Vanhoef and Frank Piessens of the Katholieke Universiteit Levuen in Belgium say the vulnerability makes it easy for hackers to steal passwords, read the content of emails, intercept bank details, or even insert ransomware and other malicious content into TCP packet streams — and no network is safe without being patched.
To prove the point, Vanhoef and Piessens produced a proof-ofconcept code called KRACK (Key Reinstallation AttaCK), which is able to exploit the four-way handshake used between client devices (such as your iPhone or Mac) and the WPA2-protected Wi-Fi network they’re connected to. The researchers even set up a website at krackattacks.com, which explains the WPA2 flaw in more detail.
While it seems Android and Linux operating systems are particularly badly affected, macOS, iOS and tvOS are vulnerable too — just not to the same extent. Apple has already included a patch for the WPA2 flaw in its latest security updates: macOS High Sierra 10.13.1, Security Update 2017-01 Sierra, Security Update 2017-01 El Capitan, iOS 11.1, tvOS 11.1 and watchOS 4.1. We recommend you update your devices as soon as possible to make sure you’re protected. More details on the security updates can be found at bit.ly/sec_update. Apple’s current AirPort Extreme is not believed to be affected. However, older routers from third-party brands are likely to be vulnerable — unless they’re patched with a firmware update too.
Until you’ve updated your devices, your best bet would be to avoid using public Wi-Fi, or use a Virtual Private Network (VPN) to encrypt your data before it’s transmitted. You should also try to use sites that have https:// encryption, and connect to your router using an Ethernet cable.