The WPA2 protocol has been compromised. The so called KRACK attack allows reading encrypted content.
It was always a good idea to use encrypted communication on top of WPA2 for sensitive data, like https, ssh or a VPN. This practice has been recommended in this blog before, which was again inspired by what Bruce Schneier wrote about it.
Anyway, we should certainly start of thinking of WLANs with WPA2 encryption as a useful transport mechanism, but not as a very secure mechanism to encrypt data. At least from now on we should use other encrypted protocols on top of WPA2 where appropriate or use cable networks for internal communication that we do not want to encrypt additionally.
Links:
- Wikipedia
- The Guardian
- Bruce Schneier on KRACK
- More from Bruce Schneier
- KRACK’s own web site
- ars technica
- Scientific paper about KRACK attack and vulnerability of WPA2
- Matthew Green’s Blog
- Nicholas Weaver’s Blog
- Alex Hudson’s Blog
- heise.de (German)
- Zeit online (German)
- golem (German)
