Security Medium 1 – WPA WiFi Encryption Develops KRACKs
This week started with a big security news announcement (responsibly disclosed, which is nice). Security researchers at the Belgian university KU Leuven revealed a collection of related attacks against the WPA2 protocol (WiFi Protected Access version 2). The problem at the root of these attacks was not related to any specific implementation of the spec, but with the spec itself, so every manufacturer who implemented the spec correctly would have introduced these vulnerabilities into their WiFi drivers. Because you have to give a bug a fancy name to get any media attention these days, it was given the somewhat strained pseudo-acronym KRACKs, from key reinstallation attacks.
We’re not going to go into the technical minutia here, but I have included links to some good explanations below. I do want to give a high-level overview of the problem though.
George from Tulsa is back with some ideas on what might be causing Denise’s high bandwidth usage. It’s a great list of things to check out. Denise comes back with a great success story on the issue and then a walkthrough of her recent upgrade of her Mac mini to an SSD with some great advice. I get a word in edgewise with these two and talk about how I added language support to Podfeet.com and how we FINALLY got our AppleTV working on hotel WiFi so Steve could watch the Olympics.
Well Castaways, it was time to replace our router.
Our ISP caps our bandwidth to 450 GB per month and several times a year they assert we use double this or more. We don’t stream a lot of movies, our cloud data is pretty static, and we have a stupidly complex password, so this runaway bandwidth is a mystery I cannot solve with our aged Airport Express router.
We also need the ability to manage a lot of WiFi devices.
The wiring closet is at the far back of the house, which has always caused connectivity problems in the front of the house.
This week we’ll learn how awesome Smile, the makers of TextExpander really is (in spite of last week) and how Ditto can give you notifications without a smart watch. We’ll learn how you really NEED a wicked cool new router like the Netgear X8 5300ac, and Bart is back with Security Bits.