In October 2017, Mathy Vanhoef and Frank Piessens from the University of Leuven in Belgium revealed the viability of what they term the “key reinstallation attack” (or KRACK). They demonstrated that it is possible to interfere with the supposedly secure “four-way handshake” used to generate unique encryption keys for different users and for different sessions. This vulnerability could allow fraudsters to decrypt and steal sensitive information, especially on Android devices. The discovery renewed awareness of the security risks of connecting to the Internet, even over password-protected Wi-Fi.

In response, the Wi-Fi Alliance® announced on 9 January that they will be rolling out improvements to the vulnerable, fourteen-year-old Wi-Fi Protected Access 2 (WPA2) security protocol – the root of the KRACK problem – immediately. A completely new protocol, WPA3, will be implemented in the longer term, and will offer further enhancements including “features [that] deliver robust protections even when users choose passwords that fall short of typical complexity recommendations”.

In the meantime, what measures can enterprises take to protect their Wi-Fi users?

  • External-facing as well as internal, LDAP-based sites should use HTTPS only.
  • Internal users should authenticate themselves using TLS when accessing LDAP-based sites.
  • Links shared in e-mails should reference only HTTPS URLs.
  • The enterprise website, blog and/or related pages should reference only HTTPS URLs.
  • Internal communication should go through an app that encrypts its own traffic, or over TLS, so that confidentiality is retained even when the Wi-Fi network is vulnerable.
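The measures above all come down to one check a security team can automate: every link an enterprise publishes or mails out, and every directory reference, should point at a TLS-protected scheme, because a KRACK-style attacker on the Wi-Fi segment sees plaintext HTTP and LDAP traffic but not the inside of a TLS session. The following is an added example, not Entersekt's own code: a small auditor that scans e-mail templates and web page fragments for plaintext http:// and ldap:// links and for scheme-relative (//host/...) references, which silently fall back to HTTP when the enclosing page is served over HTTP. The sample documents and hostnames (example.com) are constructed for illustration; the trusted-host upgrade step assumes the listed hosts already serve HTTPS.

```python
import re
from dataclasses import dataclass

# Constructed sample content (hypothetical hosts, not real pages):
# an outgoing e-mail template and an intranet page fragment.
SAMPLE_DOCUMENTS = {
    "welcome-email.html": (
        '<p>Welcome! Log in at <a href="http://portal.example.com/login">our portal</a>.</p>\n'
        '<p>Read the guide: https://docs.example.com/start</p>\n'
        '<img src="//cdn.example.com/logo.png">\n'
    ),
    "intranet-home.html": (
        '<a href="ldap://directory.example.com/ou=people">Directory</a>\n'
        '<a href="https://wiki.example.com/">Wiki</a>\n'
    ),
}

# Absolute URLs with an explicit scheme we care about (http/https/ldap/ldaps).
URL_RE = re.compile(r"""(?i)\b(https?|ldaps?)://[^\s"'<>)]+""")
# Scheme-relative references such as //cdn.example.com/...; the lookbehind
# keeps us from matching the "//" inside "https://".
PROTO_REL_RE = re.compile(r"""(?i)(?<![:\w/])//[a-z0-9.-]+\.[a-z]{2,}(?=[/\s"'<>]|$)""")


@dataclass(frozen=True)
class Finding:
    document: str
    line: int
    url: str
    reason: str


def audit_text(name, text):
    """Return a Finding for every link in `text` that would travel in plaintext."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in URL_RE.finditer(line):
            scheme = m.group(1).lower()
            if scheme == "http":
                findings.append(Finding(name, lineno, m.group(0), "plaintext HTTP link"))
            elif scheme == "ldap":
                findings.append(Finding(name, lineno, m.group(0),
                                        "LDAP without TLS (use ldaps:// or StartTLS)"))
            # https:// and ldaps:// are what we want; nothing to report.
        for m in PROTO_REL_RE.finditer(line):
            findings.append(Finding(name, lineno, m.group(0),
                                    "scheme-relative link inherits HTTP on an HTTP page"))
    return findings


def audit_documents(documents):
    """Audit a mapping of document name -> text and return all findings in order."""
    results = []
    for name, text in documents.items():
        results.extend(audit_text(name, text))
    return results


def upgrade_links(text, https_hosts):
    """Rewrite http:// links to https:// only for hosts known to serve HTTPS.

    Blindly rewriting every link would break third-party sites that do not
    offer TLS, so the caller supplies the set of hosts it controls.
    """
    def repl(m):
        host = m.group(1)
        if host.lower() in https_hosts:
            return "https://" + host
        return m.group(0)
    return re.sub(r"(?i)\bhttp://([a-z0-9.-]+)", repl, text)


if __name__ == "__main__":
    for f in audit_documents(SAMPLE_DOCUMENTS):
        print(f"{f.document}:{f.line}: {f.url}  [{f.reason}]")
    fixed = upgrade_links(SAMPLE_DOCUMENTS["welcome-email.html"], {"portal.example.com"})
    print("after upgrade, remaining findings:",
          [f.url for f in audit_text("welcome-email.html", fixed)])
```

Run against a checkout of the e-mail templates and the website's published HTML, the auditor gives a list of links to fix before they reach users; the scheme-relative case is worth keeping in the report because it is invisible when the page is tested only over HTTPS.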

Employees should also be encouraged to set up two-factor authentication (2FA) on their accounts outside of the workplace, such as for personal e-mail and social media, and to steer clear of public Wi-Fi whenever possible.



Entersekt editor

An avid scowler and violent sharpener of pencils, Editor’s bark is worse than her bite. Every scrap of writing that crosses her desk she treats with the same care she would her own privately published comic verse. Any orphans and misfits, she takes under her wing. After hours, she practices amateur type design and represents her local library in extreme kerning competitions.

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.