Every Wi-Fi connection is vulnerable to hacker attacks. How does this sound? Now, up until two weeks ago, we could have suspected this to be true, but now we have proof that this is actually a fact.
A successful Krack hacking attack has made things pretty clear for all of us who use Wifi on an everyday basis. This doesn’t only mean that our online privacy is compromised, but it also means that a lot of trouble will be headed towards the companies who heavily rely on Wi-Fi, such is IoT companies for instance.
Lets see what is this notorious Krack hack attack and how it will affect the future of wireless devices.
It All Started with the Wi-Fi Security Standard
Back in 2004, Wi-Fi networks officially became a huge thing. Experts provided a security solution for Wi-Fi networks – Wi-Fi Protected Access 2 (WPA2). It’s cryptographic protocols were meant to keep all data transmitted over Wi-Fi protected and very well hidden from the prying eyes of hackers.
This security protocol was quickly adopted as the standard in the industry, resulting in it being used in all modern protected Wi-Fi networks. This means your home, your work, hospital, cameras, garage doors, and so on.
KRACK Hack Vulnerability
And it all went fine until a few weeks ago. Mathy Vanhoef discovered a serious weakness in the WPA2 protocol. The attacker has to be within the range of the Wi-Fi network to exploit it, but even so, they can abuse this flaw to steal passwords, look at the chat messages, photos, emails, get credit card info. Hackers can further wreak havoc by using the exploit to inject and manipulate data on the Wi-Fi.
Since the exploit uses key reinstallation attacks, the name of the hack is KRACK. The hacker can easily manipulate the handshake between two devices, clone the network, access and manipulate all data transmitted between the two connected device.
The Future of Wireless Devices
As soon as the weakness was discovered, Microsoft, Google, and Apple all released patches to protect their users and to fix this vulnerability. This action helped the users of millions of the devices but what will happen to other devices relying on the Wi-Fi – smart watches, smart homes, bluetooth trackers, smart vehicles, fitness trackers, and millions upon millions of IoT sensors connected to the Internet via Wi-Fi. In other words, the IoT industry is going to suffer the most. Some even say that it will take ages before all IoT devices are made invulnerable to this type of attack.
Experts say that it is difficult and slow to patch all the IoT devices because it will take coordinated effort. Also, end users might not be aware that they have an IoT device in their homes. Take for instance refrigerators with IoT sensors. Those are definitely not going to patch themselves. And, in order to make the network protected from a KRACK attack, everything has to be patched and updated.
While it may seem ridiculous to have your refrigerator patched, you should know that by exploiting this vulnerability, the attacker can open your electronic doors or get access to your garage. Everything is interconnected thus everything has to be fixed in order to have a KRACK exploit-proof system.
Take for instance the medical or car industry. When a flaw in the car or in the medical device is identified, companies have to recall all the products from the market and contact each user to inform them about the flaws and potential consequences. Sadly, this is not the case with the IoT industry.
The KRACK exploit is definitely a wake up call for all those in the IoT industry to rethink their strategy and to develop better fall back initiatives for their devices. It definitely proves that IoT has still a long way ahead before it.
The fact is that it will take a long time before we have a KRACK-proof world. Hopefully, the big names in the IoT industry will set the example for all the other players to follow. This should also serve as an incentive for governments all around the globe to address the legal side of IoT with great care and attention to every little detail.