This week, a new and wide-reaching vulnerability in the WPA2 protocol was found, sending most of the privacy-conscious world into a tailspin.
I know what you’re thinking right now. “WPA2. Where have I heard that before?”
WPA2, a.k.a. WiFi Protected Access II, is the protocol widely used to secure WiFi connections across the globe. This vulnerability means that attackers within range of a device connected to the internet via WPA2 may be able to intercept emails, passwords and other data, and could inject malware too.
The vulnerability is a proof-of-concept exploit, known as KRACK, for Key Reinstallation Attacks, and affects devices running Android, Linux, and OpenBSD, and macOS and Windows to a lesser extent.
Though WPA2 is 13 years old, it’s still thought of as the “new” protocol. Before, if you were connecting to WiFi, you had to consider whether it had the “new” or “old” protocols, as only one would offer real protection.
Now, as it turns out, the “new” protocol is broken too. So neither are truly secure—meaning that almost no WiFi hotspot is secure.
In the rather chilling words of researcher Mathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium:
The attack works against all modern protected WiFi networks.
ArsTechnica has a great breakdown of the details of the flaw here.
So what can you do?
Here at SurfEasy we’ve been saying for years that you cannot and should not rely on networks or WiFi hotspots to have decent security. Rather, you should take steps to ensure your devices with security that you know is up to scratch and up to date.
The Hacker News stated that “In short, if your device supports WiFi, it is most likely affected”—but this isn’t quite the case. If you use SurfEasy VPN, your device is wrapped up in bank-grade, state-of-the-art encryption before it is allowed to connect to any network, meaning that this vulnerability does not affect your device. If you keep SurfEasy VPN turned on and you use it on all your devices, you will be protected from this security flaw.
As technology moves faster, its even more important to take control of your privacy. Rollouts of updated, widely-used security protocols are rare and, as we’ve seen this week, can leave millions of devices at risk.
So what to do? Get a VPN. Keep it on at all times. Update it regularly. Don’t rely on WiFi networks to keep you safe. Protect yourself and your devices, and take your privacy back into your hands.