Wi-Fi security is an extremely important issue, but it’s been relatively quiet since the WPA and WPA2 security protocols were released in 2003 and 2004. These protocols encrypt the data between your device, router and network meaning that no hackers can see the information you’re giving and receiving when you browse. Up until now, that is.
Two postdoctoral researchers in cyber security, Mathy Vanhoef and Frank Piessens, published a paper on 16/10/2017. In the document, the pair detailed a way past the security we have all been using up til now, on every modern Wi-Fi network. All networks are currently secured by a ‘four way handshake’. When you join a protected hotspot to use the internet with a known password (for example, the password written on the back of your router at home) an encryption key is generated.
“The information between the device and network could be easily decrypted by the hacker”
This key ensures that all traffic between your device and the network is secure. However, a new technique discovered by these experts makes use of these encryption keys: a hacker in range of the hotspot could potentially trick someone into reusing a key that is already in use. The result of this is that the information between the device and network could be easily decrypted by the hacker.
“Every modern Wi-Fi network is susceptible to this hack”
Every modern Wi-Fi network uses this four way handshake, which means every modern Wi-Fi network is susceptible to this hack. Its name comes from the description above, a Key Reinstallation Attack, (KRACK attack for short). The information hackers would be after would be things like debit/credit card information and passwords, but chat messages and general internet activity are also unsafe. In addition to this, malware and viruses could potentially be injected into the network, compromising devices further.
Ok, so now what?
You most likely don’t need to worry about your home Wi-Fi; you’re only unsafe – for now – if a hacker is in range of your network, and it is highly unlikely a hacker would start targeting random households.
“Public hotspots are a no-go”
However, public hotspots are a no-go right now, even if they are password protected. That’s any cafe Wi-Fi, pub Wi-Fi, but most importantly, Eduroam.
But I’ve already connected to Eduroam!
If you’re in halls on Campus try to use an Ethernet cable: they don’t use the four way handshake so they are safe. Also, any information that is being sent on an address with https:// at the front is protected, because that is encrypted further – just look for the little green padlock and text at the start of the URL.
“Do a virus scan on any devices that have been connected to public hotspots”
In the meantime, you should make sure you have up to date malware protection and do a virus scan on any devices that have been connected to public hotspots. In addition to this, don’t buy anything off websites that aren’t secured by that padlock when you’re connected to Wi-Fi, as that is potentially giving out your bank details to anyone watching.
What else should I do?
You could always get a Virtual Private Network (VPN) which further encrypts your details if you’re extremely worried. Aside from that, just be aware, be wary, and keep an eye on phone and device updates coming out – this issue is so widespread and vital that tech companies are coming up with ways to further secure their devices. Updates should be out in no time at all.
“We have no way of knowing if this KRACK technique had already been used”
Overall, this highlights how vulnerable our data is in this online world. We have no way of knowing if this KRACK technique had already been used before it was discovered by Vanhoef and Piessens just this week. Whilst your home is unlikely to be attacked, the same cannot be said for our university.
“A vast number of them use Eduroam every single day”
There are over 50,000 students at our university, as well as thousands of staff, and a vast number of them use Eduroam every single day. Universities hold large amounts of personal and private information for students and lecturers alike: contact numbers, university addresses, home addresses and much more. This unprecedented flaw in the security of every Wi-Fi network is just the icing on the cake for potential malware attacks the university could face. All we can do as students is to stay aware and keep an eye out for security updates for our phones, laptops and other devices.
Featured image courtesy of Blogtrepreneur via Flickr.
Tech-savvy? Keyboard competent? Procrastinating? Why not send us an email at [email protected] to get involved!
Alternatively, keep up with the latest articles from technology to textiles on Facebook and Instagram.