WiFi WPA2 protocol flaw discovered (Key Reinstallation Attack). What to do.
As we tweeted on Oct 17, 2017, a major WPA2 flaw has been discovered by Mathy Vanhoef of KU Leuven in Belgium. WPA2’s cryptographic protocols could be exploited to read and steal data that should be secure.
“Any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available,” Vanhoef urges. “If your device supports Wi-Fi, it is most likely affected.”
What we know:
- At the time of this writing, there is no known patch from any manufacturer.
- Every WPA2 device is affected.
- Would be hackers need to be within wifi range to actually use this flaw.
- Manufacturers are working on a software and firmware fix for recent devices.
What to do to protect yourself from the WPA2 flaw:
- Install all updates as they become available
- Make sure the SSL connection is secure at all times (using HTTPS doesn’t switch to HTML mid-transaction)
- Avoid using public wifi or at the very least avoid secured transactions while on public wifi connections.
- Use a wired connect and turn off the wifi on your device if possible.
Feel free to send us your thoughts and comments.