Now it’s the Wi-Fi
A new cyber vulnerability threatens wireless devices, Internet of Things
Cyberattacks are a serious concern for nations and corporations, whose systems are complex and tempting to hackers.
Now we learn the same is true of the wireless networks behind the Internet of Things; the connected thermostats, refrigerators and other devices we rely on for daily life.
Researchers have revealed that the WPA2 encryption protocol that secures many home Wi-Fi routers has a vulnerability that could allow cyberattackers access to our personal passwords, emails and other data. Known as Key Reinstillation AttaCK, or KRACK, the weakness affects nearly every Wi-Fi device.
“The future viability of the Internet of Things will be determined by how seriously industry takes issues like this,” said Mark Orlando, chief technology officer for cyber services at Raytheon. “These devices are cheap and small and almost forgettable as millions of them feed data into our new cyber ecosystem. Updating them to keep up with cyber threats and new vulnerabilities was never part of the equation for many of their developers.”
The WPA2 protocol depends on what cyber experts call a “four-way handshake” process that takes place when a client looks to access a secure wireless network. Because Wi-Fi relies on radio signals, which can be distorted in transmission, the third part of the handshake can be re-sent from a wireless access point as a redundant safeguard. Attackers can collect those messages and replay them to gain access, according to a post from cybersecurity firm Forcepoint Security Labs. Raytheon owns a majority share of Forcepoint.
The newly discovered KRACK vulnerability carries serious implications for larger systems, including the developing Internet of Things, according to Orlando. He recommends three steps to protect current and future systems:
1. Bring transparency to the standards and protocols that govern how a new technology works, so the developers who depend on them can understand where risks reside.
2. For businesses including new technologies into their supply chain or operations, vulnerability assessments should be a best practice.
3. Continued sustainment of the Internet of Things requires active maintenance rather than deploying and forgetting about any device.
Consumers worried about their Wi-Fi at home should make sure to update the software on all devices. Most providers and manufacturers are already making fixes available.
Microsoft, for one, has already issued a security update for its Windows software. Apple has reportedly patched the weakness in current beta versions of its operating systems iOS, tvOS, watchOS and macOS; that fix will be available soon. Router manufacturers like Netgear and Eero are also issuing patches in the form of updates to their software.