Sorry to start off your week with some bad news: the WPA2 encryption protocol that protects your Wi-Fi router and connected devices from intrusions is rumored to have been cracked.
That means that a hacker who is within physical range of your home or office network could crack your Wi-Fi password, listen in on your internet activity and intercept unsecured or unencrypted data streams (such as a password entered on a non-HTTPS site, or video from your crappy home security camera to the cloud).
That’s to be expected, seeing as how WPA2 is about 13 years old now. The proof-of-concept of this attack is called KRACK (Key Reinstallation Attacks). The CVE outlining the security flaw is expected to be published at 8AM EST / 5AM PST / 2PM CEST / 5:30PM IST on Monday; the site krackattacks.com which carries more information from security expert Mathy Vanhoef of imec-DistriNet, KU Leuven is now live, so you can learn more about the methodology there.
What does that mean for you? While you may not be hacked immediately, your Wi-Fi network is vulnerable until your router manufacturer issues a security update. You should also be okay browsing most HTTPS sites, but anything that’s sent from your phone or computers in plaintext could be scooped up by eavesdroppers. If possible, use a VPN to further obscure your internet activity.
In addition, you’ll want to look for security patches for all the smart home gadgets in your house; depending on how they’re configured, they could be hacked to leak data, and allow hackers to copy or change passwords on your locks and alarm systems.
This could get ugly. We’ll update this post when we know more.