Advice for travelers to stay secure despite the KRACK WPA2 WiFi vulnerability

News provided by

TEP Wireless

Nov 06, 2017, 06:10 ET

(PRWEB) November 06, 2017 -- Being on the move between destinations is one of the times people are most at risk of using WiFi access with poor security. Trains, airports and coffee shops are all examples of times users occasionally access the internet via a router without using any sort of password and most know to be very careful of the types of information accessed at those times. But if a password is used to log into WiFi, it’s protected, right?

Mary’s story

“I always felt so cool, so smart because whenever I traveled, I could manage to stay connected by jumping from public hotspot to public hot spot without paying a penny”, says Mary, a 31 years old digital media executive from New York. Now, after a horrific incident during a trip last year, she feels silly and betrayed because a Public WiFi “stalker” managed to steal credit card and bank account information from her smartphone while quietly sipping a latte in a coffee shop in Europe. After the robber managed to shop successfully with her debit and credit cards, the bank was forced to freeze her accounts and suddenly she was without means to pay for her daily expenses overseas. She was forced to ask the airline to push ahead her flight reservation and returned home sad. It is not the end she had hoped for what should have been a wonderful trip.

Ever since, she rents a secure pocket WiFi product from TEP Wireless and she has recovered her faith in traveling connected and secure. Dr. William Nazaret, an expert in mobile internet and co-founder of TEP explains: “Mary was not doing anything unusual. As she understands now, it was crazy but not unusual to trust Public WiFi hotspots”. He continues to explain: “For the last 6 years we have been providing travelers with personal, secure WiFi connectivity for their travels abroad and we have never heard of a horror story like Mary’s among our customers”.

A revelation from the cyber-security industry this week has made this issue even more important, with the news that a loophole has been discovered allowing someone to intercept data even when using a password-protected WiFi network.

What is the KRACK vulnerability?

Most routers use an encryption method called WPA2 which has been around a long time but which was thought to be robust from attack. However, it’s been revealed this week that WPA2 can be exploited so that traffic sent between that router and a device can be viewed IF the traffic is not also being encrypted by an SSL protocol (i.e. web services using HTTPS at the start). This is the vulnerability known as KRACK.

What’s affected and how?

Both routers and the client devices they connect to are at risk. Most routers use WPA2 and it’s known that Android 6.0 and above devices are also especially at risk. Remember that an attacker must also be physically in range of the WiFi network to be an issue, they can’t threaten you remotely, so there is less risk in an area with few people around, but more so in a city. They also can’t determine a WiFi password via this method so there’s no need to change it, but they can access data going back and forth between a device and the router.

As in Mary’s story, a typical example of a dangerous situation for a traveler might be using a website form to book a hotel, restaurant table or excursion. Any personal or financial information in that message could be intercepted by someone when once the submit button is clicked.

What can be done to stay secure whilst traveling?

At home, it’s easy to know when a device and router are patched. But for travelers, there’s no easy way to find out whether the router being accessed is safe or unsafe now that even a password-protected one is vulnerable. Mobile data is not subject to this vulnerability so it can used safely but of course, when abroad that could incur huge costs.

TEP’s device, which users call affectionately Teppy, provides two crucial advantages over using a fixed WiFi network. The user and their device are always on the move together. WiFi hotspots are easy to eavesdrop on because they are fixed and all the stalker need do is sit within range of the hotspot waiting for the next victim to enter. Teppy is in the users pocket or purse and moves around with them wherever they go. This mobility complicates the task of eavesdropping on the internet connection whilst traveling.

Users will always know how many people are connected to their Teppy. So the presence of a stalker is easily detected because it shows how many people (devices) are connected to the personal WiFi hotspot. If there is one more connection than normal, it is a sign there may be a WiFi stalker. Because the Teppy is personal to the user and only verified users know the password, it is harder for a stranger to invade the connection and the users smartphone, tablet or laptop.

The device is only $8.95 per day for unlimited data usage and one device can be shared between multiple users with up to 5 gadgets connected at any one time. Tep’s portable device is amazingly travel-friendly too, it will slip into a handbag, pocket or rucksack. Find out more or buy/rent a device here https://www.tepwireless.com/

Simone Rigoni, TEP Wireless, https://www.tepwireless.com, +44 7713900264, [email protected]