Skip to main content
Please enter a legal issue and/or a location
Begin typing to search, use arrow keys to navigate, use enter to select

Find a Lawyer

More Options

Every Wi-Fi Device Now Poses a Security Risk With WPA2 Flaw

By George Khoury, Esq. on October 18, 2017 | Last updated on March 21, 2019

If you use a password protected Wi-Fi network, chances are you're using a WPA2 password. Most consumer Wi-Fi routers and connected devices have been using the WPA2 standard for years. And until this past week, WPA2 was pretty much considered safe, but now, experts are warning Wi-Fi users about a new hack that threatens to unravel the core of WPA2 security.

The KRACK hack exploits a process in the WPA2 protocols called the "four-way handshake." This is, in effect, an exchange of information between devices and router that allows someone to be granted access by verifying the device has the appropriate key. The hack takes a flaw in this process to gain access to a network, allowing a hacker to monitor, copy, manipulate, send and stop information on the network.

What Can You Do?

Since not using Wi-Fi probably isn't an option, you might be wondering what you can do to protect yourself. If your devices are not set to automatically download and install legitimate security updates, you should check to see if your computers and devices have recent security updates to be installed.

As experts have pointed out, the flaw is fixable but will require companies that make affected products to release patches to close the exploit. Several companies have done so already, or have released patches to at least reduce the risks. If you use WPA2 security on your firm, or home, network, it might not be a bad idea to refresh your offline backups ASAP in case you suffer a breach and need to shut down or replace your systems or recover your data.

KRACK Attack

Fortunately, there have been no reported cases of KRACK attacks in the wild. However, that doesn't mean the exploit won't be used. Researchers reported on it during the Black Hat security conference this past summer, and the same researchers are scheduled to formally present more about it next month. However, between then and later, malicious hackers will likely try to abuse the exploit. Unfortunately, short of installing a network activity monitor, and learning how to monitor your network, there may not be much you can do on your own while also running your practice.

If you are truly concerned that your firm will be hacked before patches are released, you can bring in a consultant that will be able to put together some form of two-factor authentication for network access.

Related Resources:

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

Or contact an attorney near you:
Copied to clipboard