THE WORLD'S WIFI is officially no longer safe, after the revelation that the WPA2 encryption that guards almost all WiFi networks has been cracked.
A team led by the US government will give full details later on Monday but have already confirmed that an exploit, known as KRACK, is able to break through the encryption layer, putting anything into the plain sight of hackers.
The US Computer Emergency Readiness Team (US-CERT) has confirmed that using WPA-2 makes you a target and that's pretty bad because the majority of home routers don't have anything stronger.
Or to put it another way - if you use WiFi, you're a sitting duck.
At this stage, we're not sure how easy it is for a hacker to use KRACK and so therefore how bad the problem is. If it involves being within the range of your WiFi network for an hour, then it's less of a worry. If it's instant, then someone could attack you in a slow-moving car.
And that's not such an unlikely scenario - when WPA (1) was cracked back in 2009, it took a minute to slap down the data.
WPA2 has been so far from the back of people's minds it has hardly been mentioned on these hallowed pages, save for a portent of doom via a Virgin WiFi hack in July.
The full warning so far reads: "US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol.
"The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017."
In other words, this is as bad as it gets. It has the potential to be Heartbleed on steroids (or on KRACK, if you insist) and there's pretty much naff all any of us can do about it because no one has been really focusing on what would happen if it was.
Full details (and therefore how much we should worry) will appear later at krackattacks.com before a formal presentation of researcher findings at a talk called "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" (yes that's really what it's called) at the ACM Conference on Computer and Communications Security in Dallas on 1 November. µ
Even if it does have another silly name
Because of course it does....
It's even more impractical than you're imagining
But chipmaker refutes report and claims it's making 'good process'