The WPA2 encryption your Wi-Fi basestation uses isn’t as secure as you thought. Security researcher Mathy Vanhoef revealed a flaw that makes any WPA2 encrypted data on a WiFi network hackable, regardless of what operating system you use.
KRACK flaw makes WPA2 hackable on any WiFi network. The flaw, called Key Reinstallation attack (KRACK) takes advantage of a flaw in the WPA2 standard that lets an attacker decrypt the data flowing through the wireless network.
Here’s my advice: OK, so Apple is the least vulnerable here, but still – it depends what serves your WiFi, an Apple AirPort or something else, do you know? If it has been updated recently, it should be OK, but if you installed it a couple of years back and have never looked at it since, maybe not.
If it’s an Apple AirPort, the updates should appear and be installable should you launch the AirPort Utility in the Utilities folder in your Applications folder (or Finder, Go menu>Utilities).
Either way, if any new security updates come for whatever devices you use to create your WiFi zone, you should update them immediately.
On the upside, it’s extremely unlikely you are a target considering whoever tries to hack into your zone needs to be within 50 metres of your WiFi server (modem, AirPort, whatever) and have the know-how to do it.
This would be much, much more likely if:
1/ You are known or suspected to have something people would really want to steal, and
2/ You were in a highly built-up area, say in an urban apartment complex.
Another vulnerability is WiFi-ready environments including cafes, libraries and airports. Who knows how good they are at updating their stuff, and who else is sharing that network?
Your home network is probably pretty much off the radar – of course, if you’re a well-known currency trader working from home, with easy access to someone sitting in a car with a laptop or iPad within 50 metres, that might be a different story.
For now: I would be more inclined to make sure the Firewall is on (System Preferences>Security and Privacy, Firewall tab) and keep monitoring the Apple news. I mean, it’s easy to imagine swarms of hackers out there converging on your house, butit’s SO unlikely in real life, Busy internet cafes, sure.
Also, using a VPN neatly sidesteps the issue completely, although it slows things down to a quarter speed.
For example, this deal at Apple World Today couldn’t be more timely.