Even encrypted Wi-Fi can be hacked — here’s what you need to know

Even encrypted Wi-Fi can be hacked — here’s what you need to know
Your account logins may be at risk when on Wi-Fi andrey_l/Shutterstock
Your account logins may be at risk when on Wi-Fi andrey_l/Shutterstock

The internet’s never been completely safe, but now it’s your Wi-Fi’s fault.

Security researchers have discovered a flaw in Wi-Fi’s WPA2 encryption: the protocol that protects data sent over your Wi-Fi network. According to Ars Technica, a note sent to about 100 organizations from US CERT explained that WPA2’s weak point could allow for “decryption, packet replay, TCP connection hijacking, HTTP content injection” and more.

In short, hackers can undo WPA2’s protections and see where and how you’re surfing the web. The proof of concept is known as a key reinstallation attack (or KRACK).

Many pages — like email sites or bank login pages — use encryption to hide what you’re typing, usually denoted by the “https” in the URL bar. Hackers involved in KRACK attacks can break through this encryption to see what you’re typing anyway.

The site KRACK Attacks offers a video demonstration of what it looks like when compromising an Android phone.

An example of an attack Mathy Vanhoef/YouTube

At 3:13, the video shows just how vulnerable key reinstallation attacks make Wi-Fi users.

Wireless solutions are the primary way many gain access to the internet. Aside from waiting for a proper update, there isn’t much users can do to protect themselves. BGR notes that one solution is to use a wired connection like ethernet instead. Many modern computers ship without ethernet ports, but this can be resolved using an adapter.

Security expert Bruce Schneier, like many, are unsure of the proper solutions to get around the KRACK vulnerability — Schneier told Mic over email that there is no better option than WPA2 when it comes to browsing privately. Schneier notes, however, that mobile phones may come in handy — it could be possible that using your device on cellular mode may be a workaround, but it’s so early in discovering this exploit that we’re currently unsure.

Mobile security expert Will Strafach reminds us that, fortunately, the effects can be solved without throwing out your current devices. “It’s a legit problem, but can be fixed with a software update,” Strafach told Mic in a Twitter direct message. While a solution will eventually come, there’s little internet users can do but be patient. “At the moment, you are at the same amount of risk as you were yesterday,” said Strafach. In the meantime, definitely dig out that old ethernet adapter.