WPA2 stands for “Wi-Fi Protected Access 2.” It is the second version of WPA, a technology used for secure Wi-Fi connections. Most Wi-Fi devices created after 2006 support both WPA and WPA2.
WPA vs WPA2
Both WPA and WPA2 provide encrypted data transmission over a Wi-Fi link. Both require a password of at least 8 characters in length. The two technologies differ in the way they encrypt the data.
WPA uses the Temporal Key Integrity Protocol (TKIP) to dynamically vary the encryption key exchanged between the access point and the linked clients. The constantly changing key offers more reliable protection than the previous WEP wireless encryption standard. WPA2 goes further by using CCMP, the “Counter Mode Cipher Block Chaining Message Authentication Code Protocol,” which uses a 128-bit key.
WPA uses the same RC4 encryption method as WEP, which is known to be weak encryption by modern standards. WPA2 includes AES (Advanced Encryption Standard), which is considerably stronger and more difficult to break. AES supports 128-, 192- and 256-bit keys.
Is WPA2 not Secure?
On 16 October 2017, a statement issued by the Industry Consortium for Advancement of Security on the Internet (ICASI) alerted the industry to a number of vulnerabilities in WPA and WPA2. This means that your wireless network and devices are not safe and action is needed to fix this flaw.
These vulnerabilities are protocol-level and impact a large number of wireless infrastructure products and wireless clients across a wide variety of vendors. This security vulnerability means that WPA and WPA2 encrypted Wi-Fi traffic is no longer safe for vulnerable clients and access points until certain measures are taken to remedy the problem. The Wi-Fi data stream, including passwords and personal data, can be captured, decrypted, and modified without the knowledge of the user.
The bug, known as KRACK, affects WPA2, a security protocol that is commonly used in most modern Wi-Fi devices.
In certain cases, a hacker may use KRACK to insert malware such as ransomware into websites, according to KU Leuven’s Mathy Vanhoef, the researcher who discovered the WPA vulnerabilities. Vanhoef’s findings were published early Monday morning on the Ars Technica tech site.
What is KRACK
KRACK is the acronym for Key Reinstallation Attack. It involves an attacker reusing a one-time key that is issued when a client computer tries to connect to a Wi-Fi network. This could allow the hacker to decrypt the information being shared between the access point and the client computer, which could expose personal details such as bank account numbers, messages and passwords, as Vanhoef notes.
This is how the WPA vulnerability works, as described on Vanhoef’s website: a mechanism known as a four-way handshake takes place when a computer joins a protected Wi-Fi network. This handshake guarantees that both the client and the access point have the correct login key for the network and creates a new encryption key to secure web traffic. The encryption key is installed in step three of the four-way handshake, but the access point will sometimes send the same key again if it suspects that the message might have been lost or dropped. Vanhoef’s research shows that attackers can effectively force the access point to install the same encryption key, which the intruder can then use to attack the encryption protocol and decrypt the data.
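Why a repeated step-three message matters, as an added example that is not from the original article or from Vanhoef's code: a toy client model showing that reinstalling the same key resets the per-packet counter, so two packets share one keystream, and how a patched client avoids it. The SHA-256 keystream is a stand-in for CCMP's AES counter mode, and the `Client`, `on_message3` and `run` names, the key and the sample plaintexts are constructed for illustration.

```python
import hashlib

def keystream(key: bytes, pn: int, n: int) -> bytes:
    """Toy stand-in for AES-CTR: output depends only on (key, packet number)."""
    out, block = b"", 0
    while len(out) < n:
        seed = key + pn.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical model of a Wi-Fi client's session-key state."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.pn = 0           # packet number; must never repeat under one key
        self.used = set()     # (key, pn) pairs already consumed
        self.reused = False   # set when a (key, pn) pair is used twice

    def on_message3(self, key: bytes) -> None:
        # Patched: a retransmitted message 3 carrying the key that is already
        # installed is accepted without reinstalling it.
        if self.patched and key == self.key:
            return
        self.key, self.pn = key, 0    # vulnerable path: reinstall resets pn

    def send(self, plaintext: bytes) -> bytes:
        self.pn += 1
        self.reused = self.reused or (self.key, self.pn) in self.used
        self.used.add((self.key, self.pn))
        return xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

def run(patched: bool):
    """Encrypt two packets with a message 3 retransmission in between."""
    client = Client(patched)
    key = bytes(range(16))                  # constructed 128-bit session key
    client.on_message3(key)
    c1 = client.send(b"GET /login HTTP/1.1")
    client.on_message3(key)                 # access point resends message 3
    c2 = client.send(b"password=hunter2!!!")
    return c1, c2, client.reused

if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "vulnerable", "reused:", run(patched)[2])
```

In the vulnerable run the two ciphertexts XOR to the XOR of the two plaintexts, which is why the patch keeps the packet number running when the same key arrives again.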
Who is affected
Any device that uses Wi-Fi is affected, such as smartphones, laptops and tablets, but in particular those running Android and Linux operating systems.
Creative Folks is currently reviewing all of our managed services for customers’ networks and computers and collaborating with key vendors such as WatchGuard, Datto, Microsoft, Apple and others to define and prepare a plan for applying patches to fix the situation.
For those of you with Wi-Fi networks at home, please contact your system provider and make sure that your equipment is updated as soon as possible. If you’re not sure what to do or want to learn more, please don’t hesitate to contact our Creative Folks team and we’ll be more than happy to assist you.