A huge weakness in wifi security erodes online privacy. But the real challenge is designing with human shortcomings in mind
This week’s security scandal is the discovery that every household with wifi in this country has a network that isn’t really private. For 13 years a weakness has lurked in the supposedly secure way in which wireless networks carry our information. Although the WPA2 security scheme was supposed to be mathematically proven to be uncrackable, it turns out that the mechanism by which it can compensate for weak signals can be compromised, and when that happens it might as well be unencrypted. Practically every router, every laptop and every mobile phone in the world is now potentially exposed. As the Belgian researcher who discovered the vulnerability points out, this could be abused to steal information such as credit card numbers, emails and photos.
It is not a catastrophic flaw: the attacker has to be within range of the wifi they are attacking. Most email and chat guarded by end-to-end encryption is still protected from eavesdroppers. But the flaw affects a huge number of devices, many of which will never be updated to address it. Since both ends of a wifi connection need to be brought up to date to be fixed, it is no longer safe to assume that any wifi connection is entirely private.