The WPA2 wi-fi security protocol has been breached by security researchers – this is the wireless security standard used by most consumer and business routers. The WPA2 breach, nicknamed ‘Krack’, has already led to a flurry of security updates to patch the issue.
What is WPA2?
WPA2 has long been regarded as safer than the various wi-fi protocols it has replaced. In effect, it protects most of the personal and business traffic on the internet. In theory, the breach of this protocol could leave home and business routers vulnerable to hacking and snooping.
However, the risk remains theoretical so far, and extra protections are in place on most sites that will safeguard your data.
Is my data at risk?
You’re not instantly vulnerable to anyone and everyone online. The WPA2 vulnerability won’t help a hacker to snoop on your Amazon activity or online banking, for instance.
Sites with https in the address have extra security in place. The data you send to such websites is protected. This includes your login details and any password or financial information you supply.
Should I change my router password?
No. Changing your wireless router password won’t resolve the security issue. It's not a matter of your password itself being secure - it's the encryption of the data over your network.
Can the Krack breach be solved?
A fix has already been released by Microsoft for Windows users. This fix should have come bundled in with regular Windows updates – search for windows updates in the bottom-left Windows search box to check if you have any pending updates.
Mac, iPad and iPhone users are not believed to be at risk, because of the way Apple implements WPA2 on its devices.
But, Krack attacks could still affect Android and Linux devices, plus ‘smart’, wi-fi enabled home appliances. Various updates are expected to be rolled out to address vulnerabilities for such devices. Keep an eye out for software updates on your computers, phones, tablets and smart devices, and install them as soon as they’re available.
Is my router safe?
While the WPA2 vulnerability is alarming, it doesn’t mean you need to ditch WPA2-compliant routers. Other encryption processes – most crucially the use of safe https sites – will keep your data secure.
You should keep an eye out for firmware updates for your router, too. In some cases, these will install automatically. other routers may require you to go into the admin menu to make such changes. You'll likely receive an email notification from your internet service provider advising if such actions are required.
Should I use a VPN?
We’ve heard from members who’ve seen a message from Norton or Kaspersky Internet Security following news of the Krack breach. The alerts recommend that customers use a Virtual Private Network (VPN) tool called Norton WiFi Privacy to protect their data.
A VPN masks your network activity by creating a private, encrypted online connection between your computer and a remote server. While a VPN can boost your online privacy, we think that it’s overkill for consumers.
Many VPN services, including Norton’s and Kaspersky's, charge for their use. A VPN can also slow down your network activity. With the Krack threat, the most important solution is to install system updates and patches for your internet-connected devices as soon as they’re available