November 19, 2017

November 17, 2017

Subscribe to Latest Legal News and Analysis

November 16, 2017

Subscribe to Latest Legal News and Analysis

WPA2 KRACK Attack

Several news reports today sounded the alarm that the WPA2 protocol, currently the most popular method of securing Wi-Fi communications, is vulnerable to the “KRACK” attack. Despite the amusing name, this vulnerability is extremely serious. 

KRACK stands for Key Reinstallation Attack. In essence, this attack tricks Wi-Fi enabled devices into reinstalling the “nonce,” which is a randomly generated, one-time numerical key used to encrypt communications between the targeted device and the router/gateway. Once the attacker has compromised this key, it can eavesdrop on the packets that are sent to/from the target device or, alternatively, it can forge packets to inject viruses or other malicious code onto a target machine.

Because this attack exploits the underlying protocol, neither changing your WPA2 password nor a strong password will provide protection. However, industry and security experts have indicated that patches and updates will be released soon, which should be installed. Perhaps a more long term problem exists in the untold number of legacy and unsupported devices that are Wi-Fi enabled and that may not be updated or at least updated in a timely fashion. 

What can people do to protect themselves? While some suggest that Wi-Fi should be a no-go zone for more sensitive information in the interim, most experts recommend making use of HTTPS and other end-to-end encryption mobile technologies (e.g., WhatsApp, iMessage, Viber, etc.) to offer some protection. End-to-end encryption should prevent an attacker from decrypting the ultimate payloads of Wi-Fi packets even if the attacker can decrypt them at the Wi-Fi level – in other words, decrypting a message only to find another encryption. 

© Polsinelli PC, Polsinelli LLP in California

TRENDING LEGAL ANALYSIS


About this Author

Shareholder

Aaron Levine helps clients create new businesses and grow existing businesses through the creation of new structures, joint ventures and complex commercial contracts.  He counsels clients when navigating or negotiating complex agreements relating to all forms of intellectual property – patents, trademarks, copyrights and trade secrets – and assists them create and execute strategies for intellectual property growth, monetization, due diligence or acquisitions.  

Aaron also serves as outside general counsel for clients having a heavy emphasis on...

713-571-3446