The Big Bug in the News: the WPA2 flaw

Wi Fi signal graphicThe big news this week is a protocol flaw in the Wireless Protected Access protocol, version 2 (WPA2). The Ars Technica article covers the details pretty well. This is what every Wi-Fi wireless router on the planet uses these days. The problem does not directly damage your system, but it can uncover data you had intended to encrypt.

The technique can trick the system into reusing a cryptographic key. To keep encrypted data safe we must avoid encrypting the same data twice (here’s an example of how it fails). While crypto system designs usually account for this, the attack on WPA2 tricks the system into reusing the key.

Vendors should be fixing this flaw over the next few days or weeks. It will take time to write up the corrections and make them available to end users. Software needs to be patched in Wi-Fi routers as well as phones, tablets, laptops, and so on.

Meanwhile, you’re vulnerable to someone who figures out how to implement the attack, but only if they are in radio range of your Wi-Fi.

For a lot of people, Wi-Fi encryption simply adds another layer of protection atop SSL/TLS/HTTPS encryption. There are tricks, however, by which attackers can disable such protection in a few cases.

 

One thought on “The Big Bug in the News: the WPA2 flaw”

Comments are closed.