I’m going to start this off at the end. Because the WPA2 protocol opens doors to attackers, update all of your devices with the latest software provided by each respective manufacturer.
What’s going on?
As you may have heard, a vulnerability in the WPA2 protocol has been discovered by researcher Mathy Vanhoef of imec-Distrinet. What Mathy learned is that if you manipulate the WPA2 protocol of a wireless network, one can effectively place themselves between your wireless network and the sites and services you are visiting.
To be clear, it is not known if anyone is already using this method of attack on any network. But, almost everyone who has a wireless network, and is using the WPA2 protocol to secure connections, is at risk. This does not mean you have been hacked. It means you are at risk of being hacked.
“The attack works against all modern protected Wi-Fi networks.”, he writes in his blog post on the subject.
To know what to do about it, we first need to understand how it works. In his post, Mathy provides us with a video of the exploit. I’ve posted it below.
In his paper, Mathy also notes that it becomes relatively easy to collect data from Android and Linux devices. He later clarifies that macOS and OpenBSD systems are easier to attack than previously thought. While there is no mention of the Windows operating system, it would be foolish to consider these as safe. The takeaway here is that the issue is not simply a variety of routers, or a specific make of computers. The issue is the WPA2 service that manages a layer of security between computers and routers.
How do I make it go away?
OK, so how can one protect themselves from an attack? Easy, check with your manufacturer of all your network devices, computers, smartphones, tablets, refrigerators… and be certain that you have the latest firmware, and operating system updates installed. It is also suggested to update the software and firmware of any and all routers in your home.
Take a minute to read Mathy’s post. He provides a lot of details and answers some basic questions about the vulnerability. Don’t be a victim, update all of your devices with the latest software provided by each respective manufacturer. If you don’t know how, reach out to your device manufacturers or a reputable IT company to help you.