Any decent tech guy knows that WPA2 has been officialy broken using an attack called KRACK. What does this mean? It means that any WPA2 network can be attacked with a Man in the Middle Attack, providing that the attacker is close (or has a device close) to you. Ouch!
This reminds me back in the day where FireSheep was still a thing. This allowed any user to Hijack any unsecured Wi-Fi and browse the user’s session. This now means that WPA2 is now as secure as Unsecured Wi-Fi since any data travelling on WPA2 can potentially be sniffed out.
Allright then, what does it mean for me, as a consumer? This means that at the moment, one cannot fully trust that no-one is listening on his WPA2 network. This also means that we need HTTPS now, more than ever! Why? Simple, because this means that if the user does indeed get a hold of your traffic, he still would not make any sense of it since it’s being encrypted! VPNs now also play a good role here; one can use a VPN to make sure that any traffic that he generates (even HTTP traffic) is indeed encrypted.
If you’re connected to a network and not using HTTPS (or the HTTP protocol in general), unfortunately, you’re out of luck. You can’t safely rely that no-one is listening on your data. This means that if you’re running some Wi-Fi enabled camera, make sure that it’s either running a secure (HTTPS based for example) protocol, or just turn it off.
Fortunately, this issue is not persistent – a software update can be handed out in order to address this issue. Software vendors have already been notified on how to address this issue, it’s just a matter of waiting for said vendors to issue a fix.
In short, don’t assume that you’re safe if you’re running WPA2; the only way to encrypt your traffic is by encrypting it (HTTPS / VPN). Read more in depth on this hack here.
One thought on “We need HTTPS – Today more than ever! – Avoiding the KRACK Wi-Fi Attack”
Great article. People should also keep in mind that both Microsoft and Apple have already fixed this vulnerability some days ago before the exploit was publicly disclosed but they withheld disclosure until other vendors could develop and release updates.
So now is a good time to remind everyone of the importance of keeping their boxes up to date!