Rumors began Sunday night, but by Monday morning the worst omens have come true. Belgian researcher Mathy Vanhoef has discovered very serious vulnerabilities in the security of the Wi-Fi networks present in all the routers of the world. Thus, it is confirmed that all wireless networks with WPA2 protection are unsafe to attack.
WPA2 (Wi-Fi Protected Access II) is the replacement of WPA and WEP, security systems that broke more than a decade ago. It is the security system that makes without the password of the Wi-Fi network, cannot be accessed. Fortunately when WPA was broken WPA2 was already being prepared, but this time there is no replacement.
It has been given the name of KRACK (Key Reinstallation Attacks) and the final information will be made public throughout the day. A demonstration will be seen at a security event on November 1.
KRACK is the combination of up to ten vulnerabilities. In one way or another, it would spy on the communications of a protected Wi-Fi network. Whether it is in your home or in your business and regardless of the equipment being used, the researchers have been able to verify the vulnerabilities.
The good news is that some operating systems are better prepared than others. For example, there are already security patches for Linux. The bad news is that 41% of Android phones are vulnerable to attack.
Google has confirmed that it will launch a security update on November 6, but not all mobile phones will receive it as many manufacturers do not update their computers after a while.
According to Vanhoef, on Android it is very worrying because “it makes it trivial to intercept and manipulate the traffic sent by these devices”.
What does it mean to you?
Whether you have a Wi-Fi router in your home, connect to your work, college, university or cafeteria, the security of that router has been broken. This does not mean that they are going to spy on the conversations or the data that are transmitted. It requires being close to the network and knowing these vulnerabilities, something unlikely.
Neither changing the router password nor buying a new one will fix anything. This is a problem in the security system base of all Wi-Fi networks in the world. For now, there is not much you can do.
How will millions of Wi-Fi networks be upgraded?
This is not going to be easy or cheap.
Some router manufacturers have begun working on security patches to upgrade their devices, but it is not ruled out that the problem is so serious that some models need to change chips. If this finally happens, millions of devices will have to be interchanged, something that could happen in any case, since it is cheaper than sending updates to hundreds or thousands of different devices.
The operator who has put the Wi-Fi router in your house is the last responsible for sending an update. But the way this industry is set up is so disorganized that it will take months to launch a patch for these devices.
It is the responsibility of the operators to communicate to all their customers the updating procedure. If you have purchased a router on your own, visit the manufacturer’s website or check for periodic updates.
Operating systems such as Windows, MacOS, iOS and Android are expected to release updates to fix these vulnerabilities, so be sure to update whenever a notice is posted.