The Krack hack – is it the end of the world, or worse: is WPA2 dead?

Phil Morgan • November 6, 2017

The Krack hack – is it the end of the world, or worse: is WPA2 dead?

So here we go…

I recently read rather a lot of articles entitled “WPA2 is dead” or “The end of wireless security” and so on, online, and actually saw stuff on the news (TV news channels).

What happened then?

Well let’s spread some truth in the vast world of “exciting” news cycles, and dramatic news bulletins.

What I am going to do, is to tell you some truths about the Krack virus (actually got an email from a family member, someone who was worried about this, because they saw this Krack virus on British news!)

 

Is it a Hack? Is it a Virus? No it’s a Potential Vulnerability!

So, first of all, it is NOT a virus, nor is it a hack. It is a potential vulnerability in the current implementations of some vendors’ WPA/WPA2 protocol stacks.

What does that mean?

So, for the wifi-and-cybersecurity-is-magic folks (basically anyone who isn’t an uber-geek and is quite happy for wifi to “just work” – i.e. 99% of the population), what this means is that there is a potential problem/loophole that can be exploited or used to possibly break into the encrypted stream of one or some of your wireless clients. Basically, a couple of guys (and gals) have played around with vendors’ implementations of the WPA and WPA2 modes of operation. They found, under certain circumstances, that these vendors equipment is susceptible to being manipulated to give away secrets that can help bad guys (and gals) abuse and maybe break into networks.

Now these are good guys (and gals) who have “outed” this problem, and they have done it so we can make the world a better place.

It’s important to understand that it is a potential vulnerability and that no code has been written (as of late October 2017) to take advantage of this that we know about. The problems with the statement I just made is “that we know about”. Hackers are probably busy at this moment writing code to do just this. So we have to treat this seriously.

So, what happened next? Well the folks that discovered this, regard themselves as “good guys (and gals)”. They responsibly notified vendors about this potential hack, well before releasing it to the public. Vendors started to work on and release patches that protect from this vulnerability. Good on you vendors, it is the right and responsible thing to do. Our vendors have our backs here and have released, or are releasing, fixes for these potential problems. Our advice is to check with your vendor, see what they say, and take it from there.

Now I was going to spend some time digging into this and writing a lovely blog for you all on this subject. But my good friend Heather Williams at Ruckus has done such a great job, I will refer you to her blog entry on this:
https://theruckusroom.ruckuswireless.com/wired-wireless/technologytrends/commonsense-approach-uncommon-problem/

Heather goes into great detail, in her blog entry, about the vulnerability, what it does, and that it is, in fact, NOT the end of the world.

Heather even includes a link to an article by Kevin Beaumont that includes the original document released by our friendly good guys (and gals), who discovered the vulnerability.

Heather also includes a link to a blog entry by Peter Mackenzie which gives follow up links to much more information and details on the Krack vulnerability. (By the way, Peter’s post is on the WLA website – WLA is a great resource and community to get involved with for WiFi engineers, we highly recommend you take a look at the site).

So is WPA2 Dead?

I don’t think so. Let us know what you think.

 

That’s it for now. I will include the follow up links from Heather’s site for reference and include a link to the WLA. Stay safe and see you next month.

 

If you are looking to make your mark in the IT Industry, then NC-Expert offers excellent training courses aimed at relevant IT industry certifications – contact us today to get started.

NC-Expert Blog

The Importance of Using a VPN

By Rie Vainstein March 31, 2025
A Digital Shield for Your Online Adventures As tech professionals, we often spend a good chunk of our lives navigating the digital realm. Whether you’re troubleshooting a network, coding a new app, or just binge-watching the latest series, one thing is clear: your connection to the internet is a double-edged sword. It’s both incredibly convenient and, if not properly secured, a potential vulnerability. Enter the VPN (Virtual Private Network) our trusty, digital bodyguard. If you’re not already using one, or if you’re not entirely sure why you should, let’s walk through some of the reasons why a VPN is essential for anyone working in IT and, frankly, for anyone who uses the internet. What Is a VPN? In simple terms, a VPN creates a secure, encrypted tunnel between your device and the internet. It allows your data to travel securely, masking your IP address, and ensuring that no one (be it hackers or nosy advertisers) can track or intercept your online activity. Think of it as your personal “cloak of invisibility” in the digital world! 

Troubleshooting Wireless Networks with Ekahau

By Phil Morgan March 13, 2025
Troubleshooting Wireless Networks with Ekahau: A Professional Engineer’s Guide Wireless networks have become the backbone of modern business infrastructure. From office environments to large-scale enterprises, ensuring a seamless wireless experience is essential for productivity. However, despite advancements in Wi-Fi technology, network performance issues often arise, ranging from signal interference and dead zones to capacity overloads and channel mismanagement. To tackle these issues efficiently, professional engineers rely on powerful tools. One such tool, Ekahau AI Pro, has become a gold standard in the wireless industry for troubleshooting and optimizing Wi-Fi networks. This blog delves into troubleshooting wireless networks using Ekahau tools, providing practical examples and technical insights to guide professional engineers in improving network performance.

Post-Quantum Cryptography: The Future of Digital Security?

By Rie Vainstein March 3, 2025
Futureproofing Our Security In our increasingly connected world, the security of digital information has never been more critical. From banking transactions to private communications, our data is constantly transmitted and stored across the internet. The current systems that protect this data rely on cryptography, a branch of mathematics that helps keep information secure by encoding it in ways that are difficult to decode without the proper key. However, with the rise of quantum computers, traditional cryptography is facing new and significant threats. This is where Post-Quantum Cryptography comes into play. What is Post-Quantum Cryptography? Post-Quantum Cryptography (PQC) [1] refers to cryptographic algorithms that are specifically designed to be secure against the power of quantum computers. Quantum computers, once they become practical, will be capable of solving complex mathematical problems much faster than classical computers. This will render many of the encryption methods we rely on today [such as RSA (Rivest, Shamir, and Adleman – initials of the inventors) and ECC (Elliptic Curve Cryptography)] vulnerable to attack. Quantum computers operate on quantum bits, or “qubits”, which can exist in multiple states simultaneously, unlike classical bits that are either a zer (0) or one (1). This allows quantum computers to perform certain calculations exponentially faster than classical computers. For example, in a matter of seconds, a quantum computer could potentially break an RSA key, which is considered secure by today’s standards. As quantum computing technology advances, the need for PQC becomes even more urgent.
Share by: