Wireless routers usually comes with various encryption technique for your wifi devices. It is lately discovered the widely used WPA2 is now compromised. Hackers have found a way to manipulate the cryptographic elements behind the security, according to Mathy Vanhoef of KU Leuven, a university in Belgium.
The issue is with the security standard itself rather than individual devices, but it can affect those devices that are connected to a Wi-Fi network.
Vanhoef found that operating systems such as Google’s Android, Apple’s iOS, and Microsoft’s Windows could all be affected.
The WPA2 protocol works in a 4 way handshake, the first step is the password while the next is the encrypted keys are generated. The KRACK attack manipulate this process through what is known as a key reinstallation attack (KRACK).
“This is achieved by manipulating and replaying cryptographic handshake messages,” the researchers wrote.
The researcher said vendors of products that were affected were notified around 14 July. Vanhoef then disclosed the vulnerability to the United States Computer Emergency Readiness Team (CERT), which sent out a notification to vendors on August 28.
What users can do is to wait for their router firmware to be updated when the patches are ready. Patch up the flaw and one should be safe. Alternatively, going through a VPN would also help to encrypt the data and that adds another layer of protection. Even if your data packets are sniffed, it is encrypted.