“The sky is falling! Wi-Fi encryption has been cracked!”
That is the way the news of the Krack Wi-Fi exploit was presented in the mainstream news media. As luck would have it on the day that news broke I was working in a client’s office in lower Manhattan and took a walk out onto Wall Street so see if there was any panic breaking out. There was not. Then I remembered reading years ago that some of the big New York financial institutions had a policy requiring that the wireless Ethernet cards be removed from the laptops used by their employees. Their security experts knew then that Wi-Fi is inherently insecure and always will be, so they got rid of it in their offices.
I have always told my clients that putting a password on their wireless network is truly a joke. This is because the existence of a password on a wireless network does not provide any security whatsoever against a determined hacker or against your friends. Why friends? Because when Windows 10 debuted in 2015 it included a feature “Wi-Fi Sense” that silently sent all your Wi-Fi passwords to Microsoft so it could then share them with everyone in your address book and social media contacts. The newest version of Apple’s iOS 11 along with macOS High Sierra includes a new feature so that when someone needs the password to a network you have logged into, just hold your Apple device near theirs and instantly transfer the password to them. And why not? The password does not provide any security anyhow. Perhaps now people will finally realize that a password is of no security value if it is promiscuously available to anyone who wants it.
What Apple is doing may turn out to be all for the best if it ends up helping users to better understand security. Wi-Fi has always been insecure, with or without passwords makes no difference. Security, if you need it, can be provided by a Virtual Private Network and this is the real purpose of a VPN, to provide security in an otherwise insecure environment.
The Krack WI-Fi exploit is indeed a serious problem because it shakes our faith in an encryption previously believed to be secure. The problem is already somewhat mitigated because Apple and Microsoft have been quick to patch their Operating Systems that were affected. The bigger problem is that there are billions of smart phones, routers, security cameras, medical devices, garage door openers, kitchen appliances, printers and other devices connected to the internet by Wi-Fi that will likely never be updated to fix the vulnerability. If one of those is connected to a Wi-Fi network you use then that network is potentially insecure. Some of these devices might not wear out for decades to come so that is how long the Krack Wi-Fi problem will be with us.
Those Wall Street firms had the right idea years ago. Wi-Fi is okay if you are just fooling around on Facebook but may not be safe to use for your banking business.
Charles Miller is a freelance computer consultant with more than 20 years IT experience and a Texan with a lifetime love for Mexico. The opinions expressed are his own. He may be contacted through his web site at SMAguru.com.