Petteri Pyyny
17 Oct 2017 3:58
Researchers from Belgian university KU Leuven have managed to find a way to break WPA2 encryption used as the "strongest" encryption available in WiFi networks. They published their findings yesterday and now the security organizations across the globe are trying to find ways to curb the problem.
Researchers managed to break the WPA2 encryption by using so-called KRACK (Key Reinstallation Attack) attack against the encrypted network. Breaking the network encryptyin isn't exactly a trivial one, as it requires installing a WiFi router with fake MAC address and to place that router within the WLAN network's reach.
Those most in danger now are the corporations that handle sensitive data within their networks and transfer messages within their own WiFi network without further encryption, relying on WPA2-encrypted network.
Thus, security organizations now recommend that eveyrbody who handles sensitive data and transmits that within a WiFi network should start using SSL/TLS (basically, all web connections that are used for, say, intranet, should use https), SSH and VPN connections.
Basically all WiFi networks should now be treated as non-secure and shouldn't be used to transmit sensitive data within or from them without further encryption.
The findins were released on this site by the researchers, detailing the specifics behind the flaws in WPA2.
WPA2 isn't used on mobile data networks.
EDIT: Some operating systems have already been updated to overcome some of the vulnerabilities found by the researchers. But despite originally publishing their findings in May, 2017, still all major operating systems have at least some problems with the vulnerability - including Windows 10, macOS, iOS, Linux and Android.