We all love wireless networks. Not having to contend with cables which can be snapped or trip you over is the stuff of dreams come true. Here in Zimbabwe more so as we mostly use our mobile phones to access the internet. When it comes to internet access we have come to rely on Wi-Fi and it has served us well.
As we do our browsing over Wi-Fi the wireless network has to be protected, making sure we are safe from hackers and malware. The most popular security protocol used to protect Wi-Fi connections is Wi-Fi protected access 2 (WPA2) and it was one of the most secure wireless protection systems. Your wireless connection is probably protected by WPA2.
Researchers have found vulnerabilities in WPA2 and it turns out it can be breached relatively easily. Relatively easily for a hacker.
It works by exploiting the four-way handshake used to set up a key for encrypting traffic between a device and access point. In the third step of the handshake, the key can be resent multiple times. If done in a specific way, a cryptographic nonce may be reused – allowing an attacker to eavesdrop on the rest of the Wi-Fi traffic in that session.
The exploit is being called KRACK, Key Reinstallation Attacks. It is most effective against devices running Android, Linux and OpenBSD and to a lesser extent macOS and Windows.
What can the hacker do or obtain?
The hacker can intercept all kinds of data presumed to be encrypted, passwords, emails and more from a vulnerale access point or device. The hacker can also inject malicious content into a website the user is visiting e.g ransomware.
The hacker could also use your internet connection for themselves. They could deplete your bundle if it is capped whilst downloading HD movies or whatever they want. Or worse they could be up to illegal stuff and would use your access point for that.
This point is why we should be allowed to restrict access by MAC address. It is not fool proof but it is an extra layer. So I’m looking squarely at ZOL as I say this. We need to be able to restrict access by MAC address, make it happen.
Are you in danger?
The hacker has to be in proximity and so you are not vulnerable to everyone on the internet, especially the infamous Russian hackers. The hacker has to physically be close to your access point or device so that’s a weak layer of security you have there.
There are other security layers and if you are visiting secure websites (HTTPS-protected) youmay be safe. It’s not fool proof though since improperly configured sites can be forced to drop from encrypted HTTPS to unecrypted.
What can you do?
The best you can do is avoid Wi-Fi if that’s possible and use wired connections. If not possible, for those smartphones especially, read on.
You may want to stick to secure websites to safeguard the information sent over your network. Those websites with the padlock in the address bar. Work on patches is already under way and be sure to update your wireless router and devices when those patches become available.
Your second best bet safety measure is using a VPN. Care however should be taken when choosing one.
Quick NetOne, Telecel, Africom, And Econet Airtime Recharge
If anything goes wrong, chat with us using the chat feature at the bottom right of this screen