WPA2 Vulnerability and IoT: How To Protect Yourself From KRACK

Most Wi-Fi users are under the misguided notion that all it takes to protect against malicious hacks is an encrypted password and theoretically, that should be enough. As such, we spend time encoding passwords and blindly trusting that our Wi-Fi networks and the information we share on them are secure.However, the reality is very different and a lot scarier than most people realize as proven by discoveries of WPA2 vulnerabilities. An even bigger problem is that majority of users are not tech savvy and therefore, don’t understand the vulnerabilities, exploits or even how to protect themselves against such threats as the KRACK attack. The risk is even greater with the increased adoption and integration of the IoT. This article endeavors to explain the WPA2 vulnerability, the KRACK attack, and ways to protect oneself.

What is the WPA2 vulnerability and KRACK?

To understand the WPA2 vulnerability and how to protect against it, one must first understand what WPA2 is. Wi-Fi Protected Access II (WPA2) is one of the most widely used Wi-Fi security and encryption protocol. It is far stronger and more secure than its predecessor WPA, which was adopted to replace and eliminate the vulnerabilities in Wi-Fi Equivalent Privacy (WEP).

WPA2 vulnerabilities are exploits that exist in the coding, encryption or transmission, allowing unauthorized access and enabling malicious attacks. Most of these vulnerabilities take advantage of security protocols set in place to protect the network, allowing the hacker to take control of the network and gain access to the information shared via the network with or without the user’s password.

The recently discovered Key Reinstallation Attack (KRACK) attack is one of such exploits that takes advantage of a flaw in the WPA data transmission standard. It is neither reliant nor affected by the Wi-Fi hardware and firmware implementation. Therefore, it can affect any network across any platform as long as it uses the WPA protocol.

How can the KRACK attack exploit the WPA2 vulnerability in IoT devices?

The KRACK attack is a replay attack. These are attacks that exploit how data is transmitted across a network. In the case of KRACK, it takes advantage of the four-way handshake in WPA transmission. The four-way handshake is a network authentication standard that allows for the establishment of encrypted data files used in the data transmission across a Wi-Fi network. These data files include a nonce and the Mac addresses of the endpoints in the transmission. The problem is that the same values are used in between the third and fourth handshakes. A hacker in a KRACK attack can, therefore, send the third handshake of one device to generate values. Since the encryption is similar, the hacker can then identify the blocks of data with shared content or values and use this to identify the encryption keychain. The more the data is resent, the more the keychain is exposed.

Most IoT devices leverage the use of wireless networks in their data transmission. Consequently, most devices make use of the WPA2 security and encryption protocol to secure their data. This, therefore, exposes a majority of the IoT devices since all that is needed is access to the four-way handshake in a device, which is fairly easy to get.

How to protect your IoT devices

1- Use a premium VPN

For an attacker to exploit vulnerabilities in your network, he/she has to first identify and gain access to it. There are various ways in which a VPN is useful in mitigating against WPA2 vulnerabilities. One of these is encrypting your data. All your traffic is routed through secure servers, thereby hiding and consequently protecting all the information that would be required to hack into your Wi-Fi network. Even in the event that the attacker identifies your VPN, he/she still has to go through high levels of encryption to get to your actual identifying information, which is virtually impossible and way too much of a risk to take.

2- Update your firmware

Most device and software manufacturers are already aware of the problem and have come up with security patches that aim to solve it. Of course, in the coming future, we expect to see a lot more independent tools tackling the problem but for the moment, it is prudent that you update your firmware. Where possible, your device should be set to allow automatic software updates since this places you in a better position to get the latest security updates from your manufacturer.

3- Avoid unsecured Wi-Fi networks

Open Wi-Fi networks are a delight, but they are also a great risk. Since you can never be sure about the security of an open network, it is best to avoid it altogether. Connecting to an open network basically invites anyone with the expertise, to take a crack at your device and information. If you have to use an open connection, ensure that you install a VPN, an antivirus and a firewall in your devices.

The takeaway

It is impossible to prevent the occurrence of such vulnerabilities and attacks. As such, it is up to every individual to always take active measures against them. The current trend suggests a continued increase in the adoption and integration of the IoT and it would be naïve to assume that information is secure, without taking any action towards securing it.

I'm a Young Energetic Tech Blogger and Digital Marketing Expert. When not at work, Love to play Games.