What is WPA2?
Many routers, including my own, utilize the Wi-Fi Protected Access II (WPA2) security protocol to protect wireless local area network communications. Depending on your level of familiarity with adjusting router settings—or the number of times you’ve been walked through a troubleshooting session by an ISP—you may at least have seen the WPA2 initialism.
Why should you care about WPA2?
There’s somewhere else you may have learned about WPA2: news reports detailing a Wi-Fi security vulnerability.
In mid-October, news outlets ranging from Ars Technica and Wired to Forbes and Fortune reported the results of research that found WPA2 networks were vulnerable to a Key Reinstallation Attack (KRACK) security exploit.
The short explanation is that KRACK grants an attacker access to otherwise protected wireless communications and individual devices or, in certain cases, put malware onto websites.
Credit card information? Stolen.
Pictures from your Bahamian cruise? Stolen.
Given the numerous ways that cybercriminals can try to get access to your private data, don’t doubt that this is another vector they will try to exploit. But don’t panic. Remember, we learned about this vulnerability due to the work of researchers who are trying to prevent events like WannaCry and the Equifax breach.
Is your router vulnerable to KRACK?
Yes, your home and work networks are probably affected by the WPA2 vulnerability. It’s is a fairly common protocol deployed by a wide variety of manufacturers. Luckily, if you’re running a current version of either the Apple or Windows operating system, the risk might be minimal. The problem is that Linux and Android operating systems are definitely vulnerable, which means a dizzying number of smartphones from a wide range of manufacturers could be compromised.
Is there a fix for the WPA2 vulnerability?
The good news is that the WPA2 vulnerability can be patched. The bad news is that it has to be done on a case-by-case basis due to the way that individual manufacturers implement the protocol. It’s entirely possible that different products from the same manufacturer will receive patches at different times.
ZDNet published a list of companies that have patched or were in the process of patching the WPA2 vulnerability on October 17. Apple released an update on Halloween that, among other things, fixed the KRACK vulnerability for some devices, and Microsoft patched the vulnerability shortly after it was made public. If you’re not sure whether your devices have an available patch, it would be a good idea to start contacting manufacturers.
As KRACK, WannaCry, and other recent security breaches and vulnerabilities have highlighted, there are many steps we have to take to keep our private data safe.
Ryan Norton, Contributor