As of this week, the main protocol used by wireless routers, WPA2, has been compromised. The scary thing about this new hack is it affects a protocol not specific to a system or hardware. This means that no matter what wireless device you use, whether it be Android, iOS, OS X or Windows, your system can be affected. While device and software manufacturers scramble to patch their systems, the seriousness of this hack underscores the importance of enforcing encrypted traffic via http or VPN (on all avenues regardless of a service’s importance.)
What Does WPA2 Security Mean For You?
Your internet connection relies on wireless and wired networking, which are divided into distinct transport layers called the OSI Model in IT Parlance (If you work with any network engineers, feel free to pick their mind on this.). The protocol used to encrypt wireless transmissions is included in layers 1 and 2 of the 7 layer OSI model.
You can think of the OSI model like the logistics of Amazon shipping. The item that you order goes into a brown box, which then goes into a delivery truck. The delivery truck takes the package to an airport, the package gets on a plane, and the plane flies to another airport. Finally, the package is unloaded onto another truck, and eventually delivered to your door. To fit my above allegorical example, with the WPA2 crack, it’s like the bad guys (hackers) have hijacked the delivery truck on the way to your house.
How Can You Protect Your Data?
There is a way to protect your packages, however, and it doesn’t involve exotic security systems or advanced technologies. The solution lies in encryption, something which the majority of websites should already be doing. Notice that the website this article is hosted on uses the HTTPS green lock icon in the URL bar above. This lock icon signals that the server where the site is hosted and the browser you’re using to read this article have entered into a “trust relationship.” In a trust relationship, the browser is able to accept and decrypt data from the server with certainty that the information has not been tampered with or read.
To illustrate how encryption would work in the context of bad guys hijacking the Amazon delivery truck, think of your encrypted package as a small transportable safe being shipped. The bad guys can see it, but they can’t open it up and have no idea what’s inside. If they do somehow manage to open it (unlikely), you’ll know because your package will be opened upon delivery.
The HTTPS protocol is not the only way you can protect your data in flight. A “VPN”, or virtual private network, also provides transport-level encryption to protect your intercepted data from being read or tampered with. Setting up a VPN is trivially simple for a single user and there are tons of companies that offer affordable VPN plans.
The goal of this is post is to illustrate that even though the wireless protocol itself was compromised, you can still protect yourself AND your data by following relatively simple security procedures. If you happen to be facing a difficult cybersecurity challenge, or just need general advice, contact Atlantic BT. Our security experts have decades of combined experience and are here to solve any problem you encounter.