Borisov assures that patches should be sufficient defense against "Krack" Wi-Fi attack

10/25/2017 Joseph Park, ECE ILLINOIS

The hack exploits a flaw in the WPA2 Wi-Fi encryption system by tricking devices into reusing one-time encryption settings across multiple messages.


Recently, researchers at a Belgian university discovered that many Wi-Fi enabled devices are vulnerable to a hack nicknamed "Krack," which exploits a flaw in the WPA2 Wi-Fi encryption system by tricking devices into reusing one-time encryption settings across multiple messages, allowing attackers to decode them. However, experts say not to worry too much. "For most people, just making sure you patch your devices when you can is probably the right answer," ECE ILLINOIS Associate Professor Nikita Borisov said in a recent Fast Company article. "Temporarily switching away from Wi-Fi to wired Ethernet or cellular connections is probably overkill for most users," he added.

"I think that we have seen over the past number of years much wider deployment of end-to-end encryption that works on the higher protocol layers, and that would certainly protect a lot of your communication," he said.

Users of computers and phones that run iOS, Android, Windows, or Linux, or of Wi-Fi hardware from companies such as Cisco and Ubiquiti Networks, can potentially be affected by this hack. However, many of those companies have already begun to issue security patches, and new devices that seek certification by the Wi-Fi Alliance will be tested for the vulnerability.

According to researchers from Katholieke Universiteit Leuven, "Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on."

Although it is more likely that this kind of hack would be directed at businesses than at your personal home router, the Krack attack gives app makers and website operators an incentive to ensure that they are using secure encryption themselves, so that data can stay protected regardless of flaws in local networks.

Find the original article on the Fast Company site. 



This story was published October 25, 2017.