KRACK Vulnerability and Consumer Security

The recently discovered vulnerability on WPA2 (the most secured Wi-Fi cryptography protocol) by security researcher Mathy Vanhoef, named KRACK has hit the news all over the world. WPA2 has been the industry’s “secure” password standard since 2004. This discovery left millions of users exposed to potential data and identity theft. Such a security hole places everyone using Wi-Fi under a great amount of risk and raises a lot of questions regarding how the average user can cope with incidents like this one.


Large Enterprises and Governmental agencies have a number of skilled security engineers in their ranks or Managed Security Services Providers (MSSP) in their budget, but this is definitely not the case for every you and me. Consumers require their ISP or their router vendor to be able to manage such issues in a “consumer”-level MSSP way. In other words, users would highly appreciate if their devices were updated automatically, not only firmware-wise, but also on security policies level and they would be willing to pay a premium for that. Unfortunately to date, most ISPs, if not all, are slow in reacting to such events. This is either due to the fact that they deploy cheap CPEs, whose manufacturers are slow in developing patched firmwares or due to limitations on available resources to handle such activities; even if automations like TR069 are in place.

This might be an excellent idea for startups to ride the consumer security wagon and provide enhanced security services to consumers, so as to protect them, their data and their IoT environments in a seamless and zero-touch way. This could also be an ideal launch event for 5G services of Mobile Operators, which in a way could make Wi-Fi obsolete, at least as we know it until today.

Unfortunately, this might be the first from a number of vulnerabilities that will hit the news this week. Another vulnerability, ROCA, has been made public and affects the likes of Google and Microsoft, leaving consumers wonder if they have a way to defend themselves.


If you ❤ this please share it with your peers! Thank you!

Originally published at on October 16, 2017.