The WPA2 encryption protocol — which protects Wi-Fi routers and connected devices from being hacked — has been compromised. Unencrypted web traffic served over HTTP connections is very vulnerable to this hack, while HTTPS is much safer. This hack is another example of why HTTPS is so important to security online.
What is WPA2?
WPA2 (Wi-Fi Protected Access) is the encryption protocol that is used to secure Wi-Fi connections. It is the worldwide standard for Wi-Fi password security.
How was it hacked?
This piece from The Register goes into depth about the specifics of the vulnerability, and the Belgian researchers that uncovered it. One of the key aspects of the vulnerability is that the attacker conducting the hack needs to be on the same connection as the victim, which restricts the impact of the vulnerability.
Why is HTTPS safer?
HTTPS offers an additional layer of encryption and means that internet traffic served over those connections is still safe.
However, unencrypted, plaintext information sent over HTTP connections can be scooped up easily by attackers exploiting this vulnerability, laying bare passwords and other sensitive information. The United States Computer Emergency Readiness Team (Cert) warns that all HTTP traffic should be considered public, and viewable by any other user on the same network.
Further security implications of the vulnerability are explored by Caleb Chen in his post for PrivateInternetAccess.
How can you protect your readers?
This vulnerability demonstrates why HTTPS is so important, and how it can be used to protect your readers. Switching to HTTPS should be a top priority for publishers who are yet to make the switch.
As these high profile vulnerabilities become more common, your readers will expect publishers to offer encrypted experiences. Readers’ eyes will scan for the green padlock more and more, and not only will they be grateful that you have it, but will also return to your side. This will increase brand loyalty for those publishers that treat security with the utmost importance.
Stay tuned for more updates.