A security flaw in the WPA2 standard used to protect Wi-Fi connections may make just about every wireless network in the world vulnerable to attack. Discovered by security researcher Marthy Vanhoef and initially teased some 50 days ago, the bug is called the KRACK, or Key Reinstallation Attack and breaks WPA2 by forcing it to reuse keys used for encrypting the connection.
This is a bug that was predicted by some security researchers in 2016, according to Gizmodo. At the time they suggested that it would be possible to predict the WPA2 security key because of a weakness in its number generation. By spamming a network with authentication requests, a hacker could look at all the responses and draw a conclusion about the content of the keys, thereby breaking its protections.
Because of the wide use of WPA2 security on just about every home and business network device all over the world, this creates a real security headache for everyone. Not only are routers and switches affected though, but there are millions upon millions of internet of things devices which will be much harder to update to fix this problem.
The hope is that with Vanhoef's delay in publishing the viability of the bug, it's possible that security researchers and hardware manufacturers have already created updates that will soon roll out to their products worldwide.
Of course, there's also a possibility that that's not the case and that this could be the end of days for the WPA2 standard. In the past, the WEP encryption method was cracked to the point where it became useless and was superceded by WPA and WPA2 in subsequent years. It may be that we need a new standard now that this one has been proved far less effective.
Moving forward, at the very least you should get ready to update your router's firmware, as it's possible your manufacturer will have a patch in the very near future.
Image source: Encryptedruler/Wikimedia
