First, let’s look at two news headlines:
Major Security Vulnerability Found in Wi-Fi! Affects All Wireless Devices
At This Moment! Global Wi-Fi is Not Safe
Scared? Has the 13-year-old WPA2 been cracked?
Recently, researcher Mathy Vanhoef from KU Leuven University in Belgium publicly released a study on the security of WPA2/WPA, claiming that the protocol has significant security issues. He named the vulnerability KRACK, which stands for “Key Reinstallation Attack”.
So… is KRACK really as powerful as rumored?
The answer is: it’s a significant event in the Wi-Fi world, but the impact on average users is minimal.
So, how can we connect to Wi-Fi more securely?
Q: What exactly is WPA2 in routers?
A: When you see the term WPA2, some people feel a sense of familiarity—it seems like something encountered while configuring a Wi-Fi router.
The convenience brought by Wi-Fi’s radio waves can also be exploited by attackers.
To prevent others from easily accessing your internet data, it is necessary to encrypt this data. WPA2 is currently the most commonly used Wi-Fi encryption protocol.
Before WPA2, there was WPA, and even earlier, WEP.
WEP stands for “Wired Equivalent Privacy”. This means that using this encryption can make a wireless network as secure as a wired one.
The tragedy is that WEP was proven to be insecure just a few years after its inception. Even with today’s personal computer CPU processing power, it can be cracked in minutes.
Learning from the lessons of WEP, designers used more robust encryption algorithms and longer keys in WPA, along with a series of enhanced security designs.
WPA2 builds on WPA, using two more secure encryption algorithms, which theoretically makes it even more secure.
But, even the strongest armor can have weak points.
In the design of WPA2/WPA, to ensure security, a key can only be used once. However, researchers found that by manipulating and replaying encrypted handshake messages (i.e., recording and retransmitting certain key data during the communication process between your phone and the Wi-Fi router), a previously used key can be reused.
They named this attack “KRACK”.
——by Tencent Security Joint Laboratory Xuanwu Laboratory
Yu Yang (tombkeeper)
(In summary: WPA2 is more secure, but this time it was still compromised)
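An added illustration (not code from the original article or from the researcher) of why a replayed handshake message matters: in this simplified model, reinstalling a key that is already in use resets the per-packet counter, so two frames are encrypted with the same keystream. The `Client` class, the toy HMAC-based keystream and the sample key and traffic are constructed assumptions; real WPA2 uses AES-CCMP.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy keystream (HMAC-SHA256 in counter mode), a stand-in for AES-CCMP."""
    out, block = b"", 0
    while len(out) < length:
        msg = nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Hypothetical, simplified model of a Wi-Fi client's key-install logic."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.nonce = 0
        self.used = []  # every (key, nonce) pair that encrypted a frame

    def on_handshake_msg3(self, key: bytes) -> None:
        # A replayed handshake message carries the key that is already in use.
        if self.patched and key == self.key:
            return  # hardened: do not reinstall, keep the packet counter
        self.key = key
        self.nonce = 0  # installing a key resets the per-packet counter

    def send(self, plaintext: bytes) -> bytes:
        self.nonce += 1
        self.used.append((self.key, self.nonce))
        return xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))


def run(patched: bool):
    """Return (nonce_reused, c1 XOR c2) after a replayed handshake message."""
    client = Client(patched)
    key = b"constructed-session-key"      # constructed sample value
    client.on_handshake_msg3(key)
    c1 = client.send(b"GET /account")     # constructed sample traffic
    client.on_handshake_msg3(key)         # the recorded message, replayed
    c2 = client.send(b"POST /login!")
    return len(set(client.used)) < len(client.used), xor(c1, c2)
```

With `patched=False` the XOR of the two ciphertexts equals the XOR of the two plaintexts, which exposes traffic content without revealing the Wi-Fi password; with `patched=True` the counter keeps advancing and no (key, nonce) pair repeats.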
Q: What dangers does “KRACK” pose?
A: KRACK cannot crack your Wi-Fi password. In other words, it cannot be used to help someone “steal” your internet.
However, attackers might use this technique to gain access to your Wi-Fi communication content, such as knowing what you are downloading, and they could even alter your communication content—replacing a movie with “Huluwa”.
If the network services you are using are not well encrypted, hackers can use this technique to steal your sensitive information, such as your credit card, passwords, chat logs, photos, emails, etc., or alter your communication content.
However, since there are differences in implementation details across operating systems, the extent of impact varies. Generally speaking, Android and Linux are the most vulnerable, while iOS and Windows are relatively better.
But it’s somewhat reassuring that advanced attacks like KRACK are not the biggest threat to ordinary users, and at least currently, there are no publicly available attack tools. The cost of using such an attack technique is relatively high, so the probability of ordinary users being attacked is not high.
——by Tencent Security Joint Laboratory Xuanwu Laboratory
Yu Yang (tombkeeper)
(Seeing my balance is only two digits, I feel a sudden surge of security)
Q: How can I connect to Wi-Fi more securely?
A: In response to KRACK, the latest iOS 11.1 beta 3 version released by Apple has already fixed this vulnerability, and Windows 10 has also addressed this issue in the October patches (Editor’s hard sell: You can use Tencent PC Manager to update patches in a timely manner to ensure your computer is immune to attacks).
For issues arising from such fundamental protocols, there are not many solutions aside from updating the system or firmware.
However, for everyday Wi-Fi usage, avoiding simple and easily brute-forced Wi-Fi passwords is a more urgent matter.
Additionally, it is recommended to raise security awareness and avoid connecting to unfamiliar Wi-Fi networks casually.
——by Tencent Security Joint Laboratory Xuanwu Laboratory
Yu Yang (tombkeeper)
(Although my balance is only two digits, I can’t set my password to 123456.)
(Hard sell 2.0: Developing a habit of using security software like Tencent Mobile Manager can reduce risks.)
