WPA2 security issues pose serious Wi-Fi safety questions
Created: 2017-10-20 03:43:30
The WPA2 encryption scheme has been broken leaving Wi-Fi connections open for would-be attackers who could use an attack to read information that was previously believed to have been secure because it was encrypted.
‘KRACK’ or Key Reinstallation AttaCK, as it has been labeled, means third parties could eavesdrop on a network meaning private conversations might no longer in some circumstances be so private as Wi-Fi traffic passing between computers and access points could be picked up by cybercriminals that are within range of the Wi-Fi of a potential victim.
This will be a major problem for companies and their IT departments as they scramble to protect themselves. Fortunately, for them, they should have experts within their teams that should be able to get to grips with the issue.
Unfortunately, those that might suffer most from the WPA2 issue could be family and friends who have older routers at home or in small businesses, that are desperately in need of firmware upgrades. However, Alex Hudson over at alexhudson.com has some sage advice for those who might fear for all things internet related if these rumors are indeed true:
“Secure websites are still secure, even over WiFi; think about setting your computers to “Public Network” mode – that increases the level of security on the device relative to “Private / Home Network” modes. Remember, if third parties can get onto our home networks, they’re no longer any safer than an internet cafe; if you’re paranoid about your mobile, turn off WiFi and use mobile data when necessary; it sounds like no similar attack against ethernet-over-mains power line is possible, so home networks based on mains plugs are problem still ok; keep computers and devices patched and up-to-date.
ESET senior research fellow David Harley says of Hudson’s advice, “treat your own network as if it were a public network and configure your computers accordingly. Many home users would probably not be unduly inconvenienced that way, or will at least be able to work round likely difficulties, but businesses, even relatively small ones with a single small LAN, would tend to be hit harder”.
It is hoped that large vendors will be able to release new firmware that will diminish the impact that ’KRACK’ will have.
The question will arise though: Do we now need WPA3? Well the short answer is not yet. Thankfully the issue can be addressed, and be patched in a backwards-compatible manner. This will mean that WPA2 will not need to be replaced just yet.
About ESET
ESET®, the pioneer of proactive protection and the maker of the award-winning ESET NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 26 years, the Company continues to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32 technology holds the record number of Virus Bulletin "VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET NOD32 technology holds the longest consecutive string of the VB100 awards of any AV vendor. ESET has also received a number of accolades from AV-Comparatives, AV-TEST and other testing organisations and reviews. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world.
ESET recently updated its two-factor authentication (2FA) application, adding a secure validation to weak and static user passwords. This updated version of ESET’s 2FA application provides flexibility and deeper integration of 2FA into bespoke applications, making it the best cost-effective solutions for SMBs everywhere.
The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia) and an extensive partner network for more than 180 countries. For more information visit https://eset.version-2.sg/ or follow us on Facebook.