If these hackers They don’t let us live alone! Do you remember the entry on the safety of the wifi network where did we say that WPA2 should be used as an encryption method? Well, this week a new vulnerability in wifi networks that would affect WPA2 encryption has been reported. Not all technical details have yet been revealed as will be officially submitted on 1 November but we already have some very worrying data:
– The attack, called Key Reinstallation Attacks (Krack) would allow a possible intruder to be within the reach of our wifi, capture packages that are traveling through the network (credit card numbers, emails, photos, etc.) and even insert new packages (such as viruses).
Vulnerability affects ALL devices using Wifi I mean, phones, antennas, laptops…
– At the moment there is no patch or update, so you have to wait…
What’s most scary about all this is that the update has to come from the manufacturer’s hand… that is, our mobile and our computers will soon receive an update to address this vulnerability, but What about devices that cannot be updated? We talked last week. about the life cycle of updates and how there are some mobile phones that can no longer be updatedbut What about the router of our house, for example?
ng > It must also be updated… provided that the manufacturer releases that update our router may be working perfectly with WPA2 for 5 years and the manufacturer considers it obsolete and does not release the update, forcing us to change it if we want to ensure the privacy of our network… or our connected TV… or our watch-babies… or the garage camera… or the wifi of the hotel where we are on vacation… I mean, over the next few months we will see a lot of updates for a lot of devices connected to wifi networks But we’ll also see attacks on dispositiv
you are not updated, so once again I recommend you update as soon as the manufacturer allows you to download the update and review in the coming weeks that your devices (especially the router) can be updated Otherwise it’s probably worth replacing the device… it’s probably the best time to change that iPhone 4S that no longer gets updates, that Samsung S4 that has stayed on Android 5.0 or that router that I installed us with Ono 6 years ago and that has not given any problems but has never been updated.
What can we do until then?
We can obviously use the usual cable to keep our vulnerability from affecting us, but as that is, in our day to day, unpractical, We should make sure that all the pages we access are available via https (yes, this blog is, don’t worry: D). Now more than ever we should make sure of this so we can be a little quieter until the manufacturer of our devices (Apple, Google, Microsoft, Cisco, Linksys,…) release the update and update each and every one of them.
On this occasion, changing the wifi password will do us no good. We must bear in mind that the attacker will not be able to access our network to navigate, that is, he will not be able to ‘steal the wifi’, but he will be able to capture all the traffic to run through it.