HB Ad Slot
HB Mobile Ad Slot
WPA2 KRACK Attack
Tuesday, October 17, 2017

Several news reports today sounded the alarm that the WPA2 protocol, currently the most popular method of securing Wi-Fi communications, is vulnerable to the “KRACK” attack. Despite the amusing name, this vulnerability is extremely serious. 

KRACK stands for Key Reinstallation Attack. In essence, this attack tricks Wi-Fi enabled devices into reinstalling the “nonce,” which is a randomly generated, one-time numerical key used to encrypt communications between the targeted device and the router/gateway. Once the attacker has compromised this key, it can eavesdrop on the packets that are sent to/from the target device or, alternatively, it can forge packets to inject viruses or other malicious code onto a target machine.

Because this attack exploits the underlying protocol, neither changing your WPA2 password nor a strong password will provide protection. However, industry and security experts have indicated that patches and updates will be released soon, which should be installed. Perhaps a more long term problem exists in the untold number of legacy and unsupported devices that are Wi-Fi enabled and that may not be updated or at least updated in a timely fashion. 

What can people do to protect themselves? While some suggest that Wi-Fi should be a no-go zone for more sensitive information in the interim, most experts recommend making use of HTTPS and other end-to-end encryption mobile technologies (e.g., WhatsApp, iMessage, Viber, etc.) to offer some protection. End-to-end encryption should prevent an attacker from decrypting the ultimate payloads of Wi-Fi packets even if the attacker can decrypt them at the Wi-Fi level – in other words, decrypting a message only to find another encryption. 

HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins