A security researcher has revealed serious flaws in the way that most contemporary Wi-Fi networks are secured. Discovered by Mathy Vanhoef from the University of Leuven, the vulnerability affects the protocol “Wi-Fi Protected Access 2”. Otherwise known as WPA2, this encrypts the connection between a computer or mobile phone and a Wi-Fi access point to keep your browsing safe.
Because this security can be cracked, it’s possible for someone to read what is transmitted on the network, allowing them to intercept passwords or credit card details, or to inject malicious code when users visit websites. Fortunately, there are some steps you can take to keep your internet traffic safe.
Dubbed the “key reinstallation attack” (KRACK), Vanhoef’s discovery has the most serious implications for devices running the Android operating system, especially version 6.0 and above, and devices that use Linux.
But don’t freak out just yet: although almost every device that uses Wi-Fi is vulnerable, KRACK can only be deployed in certain circumstances. And there are some simple steps you can take to help keep your internet traffic safe.
What is WPA2, anyway?
Most secured wireless networks use the WPA2 security protocol. It allows users to log in to a network and keep their communications secured.
The encryption process uses a set of secret keys that are agreed to between the connecting device and the wireless access point. These keys are used to scramble messages on the network and provide protection against someone sitting in an internet cafe, for example, and listening in on messages between laptops and the wireless router.
WPA2 was created to address weaknesses in previous protocols used to secure wireless networks, such as Wired Equivalent Privacy (WEP) and the first version of WPA. Until now, it was arguably more secure.
How does KRACK work?
The KRACK attack requires the attacker to be physically close enough to a Wi-Fi network to perform a “man-in-the-middle” attack.