Krack Attacks: a gaping but easily plugged hole in Wi-Fi security

in technology •  7 years ago 

A Belgian researcher has discovered a flaw in the WPA2 security protocol, the one most widely used for Wi-Fi. Although the risk is real, the threat can easily be averted.

As plain as the nose on your face, the so-called "Krack Attacks" flaw that is shaking the small world of computer security is huge. It concerns nothing less than almost all devices connected to a Wi-Fi network: computers, smartphones, connected objects (audio speakers, televisions, thermostats, hard disks, cameras, connected refrigerators ...).

The trouble is that it concerns the WPA2 security protocol, the mechanism responsible for encrypting Wi-Fi exchanges between the access point and the user. To summarize, the flaw discovered by the researcher Mathy Vanhoef is global, long-standing and potentially very dangerous. Its nature and its magnitude set it apart from the many computer vulnerabilities that software publishers and hardware manufacturers constantly struggle to correct.

A hacker within range of your Wi-Fi network can potentially intercept your data, from the innocuous and impersonal to your e-mails, last summer's vacation photos, your bank password or your login details for your favorite online shopping site, where your payment method is pre-registered. Even worse, this flaw could be used to install malicious software, such as "malware" or "ransomware".

It is therefore a safe bet that the intruder will prefer to operate in a place rich in potential prey: a cybercafé or the public network of a library, station, airport, green space ... and is less likely to target you in particular. The basic reflex for this kind of connection is caution.

Although the threat is potentially serious, it is easy enough to guard against attacks that exploit this new vulnerability. To begin with, if you use a computer, know that the Belgian expert had informed Microsoft of the problem as early as last week. If automatic updates are enabled and working properly on your Windows machine, you are protected.

For other devices, Macs and computers running Linux, the situation is less reassuring because the "fix" or patch is not yet available. Apple said it would correct the problem "in the coming weeks," without further clarification.

A first defense strategy is to apply all the patches offered by software publishers, whether for the operating system or for firmware.

Mobile phones are also affected

After computers, it should be kept in mind that phones running Android are affected by the problem, as is the iPhone, even if the potential damage would be more limited in the latter case.

A second countermeasure: to carry out sensitive operations, connect to "https" sites, those whose address or URL bar displays a small padlock icon.
In practice, this will not change habits much, since banking and e-commerce sites, or Google's messaging service, are already of this type. However, the Belgian researcher specifies that "https" would not be a perfect antidote.

A third and last possible protection is to use a VPN, for "Virtual Private Network".

A VPN is particularly useful in this case, because it adds an extra layer of encryption on the device being used and so compensates for the flaw in Wi-Fi's WPA2 protocol. We believe that at sensitive sites this solution is already in place and that the data important to our national security are safe.
