KRACK Goes the Wi-Fi
A great deal of news and concern has been circulating this week surrounding the KRACK in the security of Wi-Fi’s WPA2 encryption. The problem boils down to the newly-increased vulnerability of Wi-Fi hotspots previously thought to be secure are now vulnerable. In the past, connecting to a password-protected hotspot, such as at home or work, meant that the WPA security configured on that hotspot was expected to do that.
Well, say goodbye to that due to KRACK.
To put it bluntly, Wi-Fi hotspots that were thought to be secure using the very popular WPA2 protocol are now completely exposed by KRACK to a man-in-the-middle attack. This means an attacker can see and modify your data on that Wi-Fi, exposing you to data theft, malware and possibly hijacking your login sessions. And, this problem isn’t just limited to residential hotspots. Many work and school hotspots are also configured with WPA2 security. So virtually every Wi-Fi you use is vulnerable to exposing your data to thieves and hackers.
Right now, almost everyone in the ecosystem is talking about patches that will arrive to fix this. While these are coming, there will be a wide time gap as these are released for each device. But what is worse is that many devices will not be upgraded for a long time. Case in point is the highly fragmented Android market which relies on any mix of device level, mobile operator allowed and manufacturer produced updates to be pushed to customers. Even on iOS, where Apple will release a fix for virtually every device used in the wild, over 25 percent of iPhones and iPads have yet to even update to iOS 10 which was released over a year ago.
With this level of uncertainty on when patches will be available, users of Wi-Fi need to be aware that they are more vulnerable to attack than they were before.
While lots of internet traffic is already sent encrypted using HTTPS, the other 30% of mobile traffic from many apps and websites isn’t encrypted. This is where the KRACK (pun intended) widens, placing anyone who doesn’t take steps to protect themselves at risk. Given how often in today’s mobile era smartphones and tablets are connecting automatically to hotspots, the problem that’s been created by KRACK is one that won’t be fixed overnight.
With over 70% of mobile users connecting to a Wi-Fi hotspot every week, most of the planet is now vulnerable to a wide range of threats enabled by KRACK. KRACK essentially enables the same type of man-in-the-middle attacks that used to only be possible on public unsecured hotspots, such as hotspot impersonation, login session hijacking (ala Firesheep) and pervasive monitoring (ala NSA and GCHQ).
Now with the KRACK hack, these risks have only increased.
Mobolize has been concerned about this for some time now. With the dynamic expansion of mobile devices and the pervasiveness of Wi-Fi, we’ve known this would lead to even higher levels of data risks for the everyday user. That’s why we created MOBOLIZE | Secure. With MOBOLIZE | Secure users receive automatic privacy protection that is easy to use by seamlessly encrypting your traffic to ensure that the data is never vulnerable. The user doesn’t need to turn on or off the service… making it the easiest, and safest solution on the market.
Our solution is the only VPN that has the smarts to be able to recognize and split HTTP and HTTPS traffic. As a result, MOBOLIZE | Secure doesn’t double-encrypt HTTPS traffic because doing that offers no additional protection to the user while also breaking some apps (e.g. banking, Netflix) and reducing battery life. With our SmartVPN® technology, we intelligently encrypt the data that isn’t already encrypted, automatically whenever a user is on Wi-Fi.
Typically, MOBOLIZE | Secure is white-labeled through mobile operators such as Sprint. Partners can evaluate the end-user experience with our Mobolize demo app available for iOS and Android. Check it out in the Apple App Store or Google Play Store today.
Don’t be hacked or KRACKed… Get MOBOLIZE | Secure, and stay safe when you’re surfing.
– END –