Wi-Fi WPA2 Vulnerability

What you can do to reduce your risk from the recently revealed Wi-Fi issue called KRACK.

On October 16, a researcher publicly disclosed a potential Wi-Fi security issue. The issue affects “WPA2,” the method used by most devices and routers to protect Wi-Fi traffic as it travels through the air. This is an industry-wide issue, and it could impact anyone using Wi-Fi. But it does have limitations, and corrective patches are on the way.

How It Works

WPA2 is an industry-standard encryption method used to secure communications between wireless devices and access points. For example, it’s often used when you’re on a laptop, smartphone or tablet, and you’re connected to a business’s Wi-Fi or your home wireless router. KRACK, as the vulnerability is called, may let someone trick the Wi-Fi security into thinking information has been securely encrypted when it has not been.

The Wi-Fi Alliance, which oversees protections and issues related to Wi-Fi, issued a statement and said there was no evidence the vulnerability had been used in a successful attack. Here is the statement from the Alliance: https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-security-update

Where It Works

To take advantage of the weakness, someone would have to be within physical range of your Wi-Fi signal. The issue does not affect information stored on devices. And it cannot impact information sent over a cellular signal, like LTE, or information flowing through an Ethernet cord. It also cannot affect Wi-Fi communication with a secure website (HTTPS) or a VPN service (virtual private network) because both of those encrypt the information separately.

What Can You Do?

Take care of your devices. You should install software and device updates as soon as you receive them. Device companies are working on patches and updates to block the issue, and some have already been delivered. Please be alert for notifications that updates are ready for your devices and install them as soon as possible.

Make sure any website you visit begins with “https://” or shows a small image of a padlock in the search box.

If you need to share sensitive information, like putting in your credit card number to buy something over the internet, consider turning off Wi-Fi and using the cellular network, or plugging your device into the internet with an Ethernet cord.

The best thing you can do is follow safe internet habits. You can learn more ways to help keep yourself and your information safe on AT&T’s Cyber Aware website.

What's Next?

Patches are on the way, but will take time. WPA2 is currently the most secure Wi-Fi encryption protocol in use. It is widely used by companies, home users, and devices everywhere to connect devices to the internet. That means many companies are working on many patches to correct the issue.  At AT&T, we are working with our vendors to deploy security patches to access points as soon as they’re available.