Wi-Fi vulnerability calls for personal cyber safety awareness


Photo by Jordan Johnson jordan.d.johnson@marquette.edu

The Krack, a vulnerability in the commonly used WPA2 encryption, was publicized during National Cyber Security Awareness month.

A vulnerability in the most commonly used Wi-Fi security encryption, that affects nearly every wireless device, was publicized this month.

The vulnerability, called the Krack, makes it easier for hackers to steal passwords, bank account numbers and other personal information.

The Krack affects WPA2, the standard Wi-Fi encryption, which converts information into data to prevent unauthorized access to devices and accounts.

“If they (hackers) do it right, they can read basically everything you are sending and receiving … browsing data, even passwords you are sending over WiFi,” Jason Hubler, a junior in the College of Engineering, said.

This type of vulnerability is nothing new to the world of Wi-Fi. The original Wi-Fi encryption, WEP, was damaged so much that people could no longer safely use it, and this is when the new standard WPA2 became the safer option beginning in 2004.

While the Krack is a big deal, it is not nearly as serious as a security breach.

Jeremy Edson, an Information Security Officer from Marquette’s IT department, said that even though researchers have found a vulnerability in WPA2, there is no evidence that this could directly lead to a major breach of personal data.

Hubler said this Krack is something to definitely keep in mind, however, there is no need to go into full technology panic since there is one big limiting factor that can keep hackers from stealing data.

“For a hacker to do this to a person, the hacker has to be within physical range of the same Wi-Fi network that person is using,” Hubler said.

According to Hubler, this means a hacker would have to be right outside someone’s house or apartment to steal information. However, he said one can never be too safe.

As far as a potential threat to campus, Edson feels confident about Marquette’s cyber safety.

“My feeling is that there is less of a risk on a large campus network since we have a well-trained IT staff that is charged with maintaining and updating the infrastructure,” he said. “Vulnerabilities like these are a reminder that we should never rely on a single technology to secure our data.”

In response to the Krack, Edson said students should update all devices, run malware scans, and be careful what personal information is released online.

Fortunately, for most smartphone users, the vulnerability will be fixed in the coming weeks, if not already. Microsoft had already updated software to protect their users from the Krack. Other companies, like Apple and Google have their updates in beta, so auto updates ensure phones are running on the latest security software.

Coincidentally, the news of the Krack was publicized during National Cyber Security Awareness month.

Mary Simmons, the Senior Director of IT, reminds students to remember the National Cyber Security Awareness month slogan, “Stop. Think. Connect.” while locating the cyber world. Making sure personal information stays personal is extremely important said Simmons, “Once that information is stolen, it is very difficult to get back.”