Wi-Fi security has evolved to the extent that most modern routers are set up to be secure with strong encryption methods, built-in firewalls and other security measures devised to protect you from malicious attacks. But what happens when those encryption methods are broken?
That's exactly what has happened, after Belgian researchers at KU Leuven University broke the WPA2 security protocol. WPA2 is used to protect the majority of Wi-Fi connections in the world because it is the most secure method available for general use.
The exposed flaw, which researchers are calling 'Krack' (Key Reinstallation AttaCK), leaves wireless traffic vulnerable to potential eavesdropping with malicious intent.
Security expert Mathy Vanhoef explains that information previously presumed to be safe and now at risk includes credit-card numbers, passwords, chat messages, emails, photos and more. Depending on the network configuration it is also possible that "an attacker might be able to inject ransomware or other malware into websites", he says.
Should I be worried about WPA2 security?
Not only does a Wi-Fi attack need to be in proximity, but it's unlikely that you're sending a large amount of information over the web that relies solely on WPA2 for protection. The https protocol used on many secure sites adds another layer of protection, for example, as would the use of an encrypted network afforded by a VPN such as NordVPN (Read our round-up of the best VPNs for more.)
However, you should be particularly mindful of the padlock icon in your browser's address bar: if a padlock is not visible, indicating its support for https, then there is a possibility any data you enter will be viewable until the flaw is fixed.
Although wireless routers are rarely updated, it's important to install the patches for your other devices as and when they become available to ensure security on other networks warn the researchers.
Vanhoeuf claims no devices or software were immune to the weakness, though due to how they implement WPA2 security iOS and Windows were found to be among the most secure, while Android 6.0 Marshmallow and Linux are the least secure.
Companies have been aware of the flaw since late August, so patches should be coming in the next few weeks.
Which wireless security standard should I use?
Modern routers usually have Wi-Fi security (a password) enabled by default, but they also use various protocols for encryption of the data you send across the web. Here are some of the terms you'll see knocking about for consumer-grade Wi-Fi:
Sign up for Computerworld eNewsletters.