Although more details will be given today from 2pm, it appears that serious vulnerabilities have been found in the WPA2 Wi-Fi protocol, one of the most common and widely used in the world. If the worst predictions are confirmed, it would be a big problem at every level, from individuals to companies.
According to US-CERT, one of the United States' cybersecurity organizations, the impact of exploiting these vulnerabilities extends to:
[…] decryption, packet repetition, TCP connection hijacking, HTTP content injection and others. Note that since these are protocol-level issues, most if not all implementations of the standard will be affected.
How does it affect users?
To demonstrate what these vulnerabilities can cause, a team of researchers has created a simulation under the name 'KRACK' (Key Reinstallation Attacks). Up to 10 vulnerabilities or CVEs have been detected, some of which are explained in an accompanying video.
The most widely used Wi-Fi standard in the world having serious vulnerabilities means that an attacker who is physically close to your network or router could view your Internet activity or intercept unencrypted connections (passwords that you enter on websites without HTTPS, or video surveillance systems that you have connected to the cloud).
Most likely, the vendor of your router or operating system will have to release a security patch to address these vulnerabilities. Until everything is clarified, make sure to browse HTTPS websites (such as Gentata or Engadget) and, just in case, protect yourself with a good VPN.
Also take into account every device that is connected to the network and sending data: any smart-home device may be susceptible to these vulnerabilities. From a speaker to a thermostat, we recommend that you look for security updates once everything is clear.
Companies, the big losers
However, as we saw with the WannaCry ransomware attacks, the big losers are companies.
Because of a lack of control and the bureaucracy in their processes, not all companies apply security patches in cases like this, so it would not be surprising if, even after being warned of vulnerabilities as serious as those in WPA2, many companies took no action, with the great risk that involves for their data and business.
If you are a systems administrator or are responsible for software security at your company, pay close attention to the news on this case. Because it affects the protocol level, you cannot leave it for later or do nothing if you do not want your company to be exposed to possible attackers.