{"id":121551,"date":"2017-10-22T12:30:07","date_gmt":"2017-10-22T10:30:07","guid":{"rendered":"https:\/\/mygaming.co.za\/news\/?p=121551"},"modified":"2017-10-22T10:28:14","modified_gmt":"2017-10-22T08:28:14","slug":"what-you-need-to-know-about-the-krack-wi-fi-vulnerability","status":"publish","type":"post","link":"https:\/\/mygaming.co.za\/news\/broadband\/121551-what-you-need-to-know-about-the-krack-wi-fi-vulnerability","title":{"rendered":"What you need to know about the KRACK Wi-Fi vulnerability"},"content":{"rendered":"

EFF Deeplinks Blog<\/em><\/p>\n

This week security researchers announced a newly discovered vulnerability dubbed\u00a0KRACK<\/a>, which affects several common security protocols for Wi-Fi, including WPA (Wireless Protected Access) and WPA2. This is a bad vulnerability in that it likely affects billions of devices, many of which are hard to patch and will remain vulnerable for a long time. Yet in light of the sometimes overblown media coverage, it\u2019s important to keep the impact of KRACK in perspective: KRACK does\u00a0not<\/em>\u00a0affect HTTPS traffic, and KRACK\u2019s discovery does\u00a0not<\/em>\u00a0mean all Wi-Fi networks are under attack. For most people, the sanest thing to do is simply continue using wireless Internet access.<\/p>\n

\n

The limited privacy goals of WPA<\/h3>\n<\/div>\n

It\u2019s worth taking a step back and remembering why a cryptographic protocol like WPA was developed to begin with. Before the advent of Wi-Fi, computers typically connected to their local Internet access point (e.g. a modem) using a physical wire. Traditional protocols like Ethernet for carrying data on this wire (called the physical layer) were not encrypted, meaning an attacker could physically attach an eavesdropping device to the wire (or just another computer using the same wire) to intercept communications. Most people weren\u2019t too worried about this problem; physically attaching a device is somewhat difficult, and important traffic should be encrypted anyways at a higher layer (most commonly a protocol like TLS at the transport layer). So Ethernet was unencrypted, and remains so today.<\/p>\n

With wireless protocols it became much easier to eavesdrop on the physical layer. Instead of attaching a device to a specific wire, you just need an antenna somewhere within range. So while an unencrypted wireless network is theoretically no less secure than an unencrypted wired network, in practice it\u2019s much easier to set up an eavesdropping device. For some it became a hobby to drive or bike around with an antenna looking for wireless networks to eavesdrop on (called\u00a0wardriving<\/a>). In response, the IEEE (a computer and electronics engineers\u2019 professional organization) standardized an encryption protocol called WEP (Wired Equivalent Privacy). The name is telling here: the goal was just to get back to the relative privacy of a wired connection, by using encryption so that an eavesdropping device couldn\u2019t read any of the traffic. WEP was badly broken cryptographically and has been supplanted by WPA and WPA2, but they have the same basic privacy goal.<\/p>\n

Note that WPA\u2019s privacy goals were always very limited. It was never intended to provide complete confidentiality of your data all the way to its final destination. Instead, protocols like TLS (and HTTPS) exist which protect your data end-to-end. In fact, WPA provides no protection against a number of adversaries:<\/p>\n