• BONGO IT BLOG

The WPA-2 WI-FI Vulnerability

WI-FI Router

The "secure" Wi-Fi standard has a huge flaw making millions of people at risk, including you! WPA-2 is the defacto standard security protocol for wireless devices like your phone, and router. If you have ever set up a Wi-Fi network you will have ticked the WPA2 box, either by default, or by recommendation.

 

When Was The Vulnerability Found?

The vulnerability was first found by Mathy Vanhoef and his team from KU Leuven. He found what is now known as "KRACK". It is less so a result of faulty or poor programming but more of a fundamental issue in how the entirety of the wireless WPA-2 security works.

WPA-2 works on a "handshake" system. This is where a key is sent to the Wi-Fi router from the connecting device and then another key is returned so that the device can connect. These keys are unique, making the connection secure as only one device can connect with one set of keys.

Luckily Windows and iOS will not be too badly affected by the discovery as they handle WPA-2 differently from other devices. Android 6.0, Linux and macOS will all be at risk, however.

How Does It Work?

When two devices connect they talk to each other and provide a secret key to one another, the flaw is that this code can be made to be issued twice, once to the device it should go to, and once to a device introduced by the hackers. This allows more than one device to connect, for example, to your router.

Once the code has be received then the hackers can use it to discreetly inject data, including viruses, as well as monitor and listen to all communications over the network.

The only known drawback for attackers is that they will need to be in WI-FI connection range to exploit it. And until a patch is released then that could be the only thing stopping them.

What Can I do?

Due to the nature of this flaw, changing your password will not keep attackers out. We strongly recommend updating your Firmware now to patch this flaw. Speak to the supplier of your equipment and ask for a Firmware patch, if they cannot help you, call us! We have been able to patch our customers' managed WI-FI within 48 hours of being made aware of the vulnerability, with zero impact on our customers.

 

Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Horticulture House Conference Facilities
Annoyed with US-English spell checking in Outlook?
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 17 December 2018
  • FREE IT STRATEGY SESSION

  • At Bongo IT, we know that technology is increasingly dominant and crucial to maintaining business performance and productivity.

    Organisations should make sure they are making the right IT decisions for their current needs, whilst also planning for the future with flexible and scalable solutions.

  • As a special offer, we are offering a FREE one hour consultation to address your current IT setup and recommend an effective strategy for your future requirements.

    Addressing issues such as computer hardware, broadband, data security, file sharing, compliance and more, we’ll help you build a plan and ensure you deploy the most cost-effective IT strategy for your company’s needs.

CONNECT WITH US

READ OUR BLOG

So here we are, waiting for Microsoft to iron out the bugs before we delve into the new exciting features Windows 10 brings to us. Here are those new features i...
Before going into detail about these bugs the first thing to know is the lifecycle and nomenclature of Windows 10 products. When we talk about updates, we use n...
You have been running your business / charity / CIC on mostly free software and are getting by, so do you really need to invest in a "centralised system"? ...
As you are probably aware, new laws under the general data protection regulation (or GDPR) are now in full force. In our previous blog we covered two-facto...
Two Factor Authentication (2FA) is a quick and easy way to greatly increase your level of security when logging into your systems. Two factor authenticatio...