Wi-Fi security thoroughly compromised by new KRACK attack
TIME TO PATCH ALL THE THINGS, PEOPLE.
WPA2, or Wi-Fi Protected Access, has for years been the standard security protocol for keeping our wireless connectivity safe. That safety net, we were informed, was just an illusion, thanks to one expert’s discovery of a vulnerability on the WPA2 four-way handshake security protocol. Mathy Vanhoef has dubbed the exploit KRACK — Key Reinstallation Attack — and it’s found in practically every Wi-Fi device used today.
Once this knowledge was made public, US-CERT (Computer Emergency Readiness Team) issued a global warning, saying, “The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others,” meaning connections could be prone to simple eavesdropping to a full-blown hijack.
Fortunately the large internet companies have already patched up the KRACK. Microsoft was the first to send out security updates to fix the problem, followed soon after by Apple, with Google currently addressing the issue. In the meantime, Wi-Fi Alliance, the non-profit organisation that certifies devices for Wi-Fi security, has promised to start testing for this exploit as part of its standard program.