WPA2 Protocol Flaw Exposes Your Wi-Fi Devices to Hackers

NewSky Security
3 min read · Oct 18, 2017

What is WPA2?

WPA2 is the standard way to set up secure communication between your Wi-Fi devices, like your smartphone, laptop or Wi-Fi webcam, and your Wi-Fi router. WPA2 is supposed to establish a secure connection between your device and your Wi-Fi router using an encryption key. The WPA2 protocol ensures the key is known only to your device and the Wi-Fi router. Nobody else should have the key; if they do, they could decrypt your private data.

What is KRACK?

Recently, security researchers released KRACK — a way to trick Wi-Fi devices and routers into using a key (“nonce”) that is known to the attacker. Since the key is known to the attacker, the attacker can now silently capture and decrypt the communication between the Wi-Fi device and the router.

How does KRACK work?

KRACK Attacks: Bypassing WPA2 against Android and Linux

According to the author, KRACK works when the Wi-Fi device and router negotiate a new key. During the negotiation, the WPA2 protocol requires a 4-step handshake. During the 3rd step, the device installs the key. Due to the nature of wireless communication, a device will try to install a key 3 times. The attacker can quietly listen to the previous negotiation process, take a man-in-the-middle position, and trick the device and AP into using a key during the 3rd step. Since the key is provided by the attacker, the attacker can now decrypt the communication between the device and the router.
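
The following is an added example, not code from the original article or from the KRACK researchers. It models what happens when step 3 of the handshake is received again and the device reinstalls a key it is already using: the per-frame nonce restarts, so two frames share one keystream, while a client that ignores a reinstall of the in-use key does not have the problem. The `Client` class, the SHAKE-256 keystream standing in for WPA2's AES counter mode, and the sample key and frames are assumptions constructed for illustration.

```python
import hashlib


def keystream(key, nonce, length):
    # Stand-in for CCMP's AES counter mode: one (key, nonce) pair gives one keystream.
    return hashlib.shake_256(key + nonce.to_bytes(8, "big")).digest(length)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Hypothetical Wi-Fi client model; `patched` selects the fixed behaviour."""

    def __init__(self, patched):
        self.patched, self.key, self.nonce = patched, None, 0

    def install_key(self, key):
        # Runs each time handshake message 3 arrives, retransmissions included.
        if self.patched and key == self.key:
            return  # key already in use: leave the nonce counter alone
        self.key, self.nonce = key, 0  # a (re)install restarts the nonce

    def send(self, plaintext):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))


def run(patched, key, frames):
    """Send frames[0], receive message 3 again, send frames[1]."""
    client = Client(patched)
    client.install_key(key)
    first = client.send(frames[0])
    client.install_key(key)  # retransmitted message 3 carrying the same key
    return first, client.send(frames[1])


# Constructed sample key and frames (equal length for a clean comparison).
KEY = hashlib.sha256(b"constructed session key").digest()
FRAMES = [b"GET /index.html HTTP/1.1", b"password=hunter2&user=al"]

if __name__ == "__main__":
    for patched in (False, True):
        (n1, c1), (n2, c2) = run(patched, KEY, FRAMES)
        leaked = xor(c1, c2) == xor(FRAMES[0], FRAMES[1])
        print(f"patched={patched} nonces=({n1},{n2}) plaintext-XOR exposed={leaked}")
```

In the unpatched run both frames go out under nonce 1, so the XOR of the two ciphertexts equals the XOR of the two plaintexts without the key ever being disclosed; in the patched run the nonces are 1 and 2 and that relation disappears.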

Is KRACK only a problem for Android devices?

No. The attack is on the WPA2 protocol, meaning almost all devices that implement the WPA2 protocol correctly will be affected.

Should I change my Wi-Fi password?

No, changing your Wi-Fi password won’t help.

How to protect my devices?

  • Avoid using public Wi-Fi: KRACK is a short-range attack with a radius of ~100 feet (32 meters). Use mobile data if you want to be sure your connection is secure.
  • Access HTTPS websites. Web browsing over HTTPS is encrypted even if it travels through an unencrypted connection.
  • Use a trustworthy VPN to encrypt all traffic, adding one more layer of security.

If your IoT system has many Wi-Fi devices and you are concerned about Wi-Fi security, consider NewSky Security’s IoT Halo system to make sure your connection is secure. IoT Halo uses a VPN to encrypt all communication. IoT Halo can secure your devices and prevent them from being recruited by hackers into a botnet. Learn more at https://www.newskysecurity.com/
