Belgian researchers said on Oct. 16 that the WPA2 security encryption protocol has been cracked.
If you have a friend or two in your social circle, one of them probably forwarded you this news yesterday. You may not care about a story full of technical terms, unless we put it another way:
Overnight, the vast majority of the Wi-Fi networks you can connect to became unsafe, and even when you go online through your own home router's Wi-Fi, you may be hacked.
Security expert Mathy Vanhoef said: "The vulnerability affects many operating systems and devices, including Android, Linux, Apple, Windows and so on."
This proof-of-concept attack is called "KRACK" (key reinstallation attack); the detailed method and a video demo are published on the krackattacks.com website.
What is WPA2?
WPA stands for Wi-Fi Protected Access. It comes in two standards, WPA and WPA2, and is an encryption protocol that protects wireless network security.
In plainer terms: we all know that connecting to most Wi-Fi networks requires a password. This is not only to keep freeloaders off the network; more importantly, it ensures that the traffic between your phone and the router is not intercepted by someone else.
After all, wireless data floats chaotically through the air. It is like sending a parcel from your phone to the router, which lives in the same neighbourhood. Because your phone does not know where the router lives, the parcel is left on a shelf labelled "router".
If everyone follows the rules, each device using the Wi-Fi only takes from the shelf the parcels with its own name on them. An attacker does not care about the rules: they will open your parcel and put their own forged data inside.
If Wi-Fi transferred data unencrypted, your neighbours could see clearly which odd sites you visit and which videos you download. Most importantly, passwords for some apps and websites could also leak.
Before WPA, the main encryption method was WEP (Wired Equivalent Privacy). Since each packet uses the same encryption key, an eavesdropper who analyzes enough data can find the key with automated software.
Or, in plainer terms: WEP puts a lock on every parcel your phone sends to the router, but all the locks open with the same key. An attacker only needs to intercept a few parcels and experiment to obtain that key.
WEP encryption is the weakest of these three types of encryption. In August 2001, Fluhrer et al. published a cryptanalysis of WEP that exploits the way it uses RC4 and its IVs; after a few hours, the RC4 key can be cracked.
In 2005, the FBI demonstrated the use of publicly available tools to crack a WEP-protected network within three minutes.
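The "one key for every lock" weakness described above can be seen directly in how WEP seeds RC4. The following is an added example, not code from the original article: the key, IVs and frame contents are constructed, and WEP's integrity value (ICV) is left out to keep the focus on the keystream.

```python
# Added illustration with a constructed key, IVs and frames (WEP's ICV is omitted).

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with the 3-byte per-packet IV followed by the shared key."""
    return xor(plaintext, rc4_keystream(iv + key, len(plaintext)))

def ciphertexts_leak_plaintext_xor(iv_a, iv_b, key, pt_a, pt_b) -> bool:
    """True when ct_a XOR ct_b equals pt_a XOR pt_b, i.e. the keystream cancelled out."""
    ct_a = wep_encrypt(iv_a, key, pt_a)
    ct_b = wep_encrypt(iv_b, key, pt_b)
    return xor(ct_a, ct_b) == xor(pt_a, pt_b)

KEY = bytes.fromhex("0102030405")       # constructed 40-bit WEP key
FRAME_A = b"GET /index.html "           # constructed 16-byte payloads
FRAME_B = b"user=alice&pin=1"
IV_1, IV_2 = b"\x00\x00\x01", b"\x00\x00\x02"

if __name__ == "__main__":
    # Same key and same IV: the keystream cancels out of the two ciphertexts.
    print(ciphertexts_leak_plaintext_xor(IV_1, IV_1, KEY, FRAME_A, FRAME_B))
    # Same key, different IV: it does not.
    print(ciphertexts_leak_plaintext_xor(IV_1, IV_2, KEY, FRAME_A, FRAME_B))
```

Because the shared key never changes and the IV is only 24 bits long, IVs repeat on a busy network, which is the condition the first call models.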
Compared to WEP, WPA uses the TKIP encryption scheme and verifies that data has not been altered in transit. WPA2 uses AES encryption to further improve security.
To put it simply: the password on every "express parcel" between your phone and the router keeps changing, and your phone and router have a tacit understanding that ensures only the two of them hold the right key; your router will refuse to sign for any parcel that has been tampered with.
Security aside, although WEP is part of the IEEE 802.11 standard, support for WEP encryption was dropped in the development of the faster and more stable IEEE 802.11n. Continuing to use WEP encryption will reduce the transmission rate of wireless network equipment.
But because routers are upgraded very slowly, it was not until 2003 that WEP was replaced by the more secure WPA.
Since WPA2, as an upgraded version of the protocol, is compatible with WPA, no hardware needed replacing, so most current routers use the WPA2 encryption protocol.
So for a long time, as long as you did not casually join password-free Wi-Fi in public places, you would not be attacked.
What is the impact of WPA2 being cracked?
The most direct impact is that your home wireless network is left in a vulnerable state: your credit card details, passwords, chats, photos, e-mail and so on may be stolen by hackers.
The krackattacks website states that Android and Linux-based devices are more affected. Because Android uses wpa_supplicant, 41% of Android devices are more vulnerable to the attack.
Google subsequently said it would release the appropriate security patch within the next few weeks.
Besides security patches, the best solution, just as when WEP was cracked, is to upgrade to a more secure encryption protocol.
If the new protocol is not backward compatible, then for security's sake much router hardware will become obsolete, and you may soon need to buy a new router.
Even if the new protocol is backward compatible with existing hardware, how many ordinary users will think to update their router's firmware?
How can I reduce my security risk?
If hackers intend to attack your home Wi-Fi, they need to be physically close. So, thanks to physical distance, your data has not for now become very insecure.
However, regularly changing your home Wi-Fi password will not reduce the risk: the Wi-Fi encryption protocol itself has been cracked, so learning your password is not difficult.
This also means that public Wi-Fi in airports, railway stations and shopping malls has become even less secure. The best approach is to use 4G when you are out, or get a SIM card with a large data allowance.
For a safer experience, the best approach is still to watch for your router vendor's firmware updates and install them as soon as they appear. If the manufacturer no longer maintains your router model, take this opportunity to buy a new one; it happens to coincide with the smart-router boom of the past two years.
Besides waiting for the manufacturer's firmware update or replacing the router, try to visit HTTPS sites when browsing the web. Even if the Wi-Fi encryption protocol is not safe, site-side encryption still protects the user's data.
In addition, the krackattacks website gives some more professional advice, such as disabling client mode (as used, for example, in relay mode) and 802.11r (fast roaming).
But in general these are stopgap measures; upgrading the firmware and the router is the only solution.
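The settings this article touches on (WEP, the original WPA with TKIP, WPA2 with AES, and 802.11r) can be checked mechanically on an access point. The following is an added example, not part of the original article or the krackattacks site: it assumes the access point runs hostapd, and both configuration files are constructed for illustration.

```python
# Constructed hostapd.conf for illustration; not from any real device.
WEAK_CONF = """\
interface=wlan0
ssid=home-ap
# leftovers from an old install
wep_key0=1234567890
wpa=3
wpa_key_mgmt=WPA-PSK FT-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
"""

HARDENED_CONF = """\
interface=wlan0
ssid=home-ap
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return findings for explicitly set options (hostapd defaults are not modelled)."""
    conf = parse_conf(text)
    findings = []
    wpa = int(conf.get("wpa", "0"))          # bit 0 = WPA, bit 1 = WPA2
    if any(k.startswith("wep_key") for k in conf):
        findings.append("wep: WEP key configured")
    if not wpa & 2:
        findings.append("no-wpa2: WPA2 is not enabled")
    if wpa & 1:
        findings.append("wpa1: original WPA still accepted")
    ciphers = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.append("tkip: TKIP offered instead of AES (CCMP) only")
    if any(m.startswith("FT-") for m in conf.get("wpa_key_mgmt", "").split()):
        findings.append("ft: 802.11r fast roaming enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(WEAK_CONF):
        print(finding)
```

A clean result only says the configuration avoids these settings; it does not show that the device's firmware has been patched.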