Key Wi-Fi security protocol is vulnerable to attack

All technology depends on technology that has gone before it.

Sometimes the former technology needs to be revisited, to check it is still fit for contemporary purposes.

Such is the case with the WPA2 security protocol, used to encrypt Wi-Fi traffic.

It seems that it has a vulnerability that can be exploited by the ‘KRACK’ attack to decrypt traffic, and in some cases even inject malware into the traffic.

Because the vulnerability is in a protocol that is part of the Wi-Fi specification, it can affect every device that uses Wi-Fi.

Fortunately, this vulnerability was found by researchers, so Wi-Fi equipment makers were made aware of it before it was made public.

Some have already provided fixes for the vulnerability, and some soon will.

However, some equipment will inevitably not get updated, even if the fix exists, so they will be an attack target for years to come.

More detail:

https://www.krackattacks.com/?utm_source=Ubiquiti+Newsletter+Subscribers&utm_campaign=b822866b42-UBNT%3A+WPA2+patch%2C+10-16-17&utm_medium=email&utm_term=0_1c1b02cb37-b822866b42-207883025&goal=0_1c1b02cb37-b822866b42-207883025

Are technological advances plateauing?

The background

Deepening specialisations, along with standardisation, have enabled increasingly sophisticated systems to be created.

People need and want things that require more sophisticated systems.

More sophistication entails more complexity.

Problems

  1. Self-evidently, one person’s ability to create increasingly complex but reliable systems, has a limit
  2. The more people engaged in an endeavour, the less productive they become at delivering it, until it becomes unaffordable, or progress halts

Problem 1: This cannot easily be much affected, because most people have a broadly similar ability.

Problem 2: Techniques exist to mitigate this, such as using a lower cost workforce, dividing systems into loosely coupled less complex subsystems, and changing work practices to more specialised roles with narrower tool sets. However, none of them actually prevent the declining productivity as teams grow.

Evidence

A recent article in The Register points to a recently published paper, which claims “… that research effort is rising substantially while research productivity is declining sharply.”

Possible reactions

  1. Accept this plateaux in technological advances for fields that have been highly developed
  2. Grow user bases to support the extra R&D staff required, although this reduces choice and competition
  3. Reduce the dependency on human effort of developing sophistication, using for example AI techniques

802.11ad clients

Qualcomm have announced the Asus ZenFone 4 Pro will be the world’s first commercial smartphone to have 802.11ad. Asus also mention the 802.11ad capability.

There have been a few 802.11ad capable ‘prosumer routers’ available for a while, by Asus Netgear and TP-Link, so their makers must be pleased that finally users might seek them out based on that capability.

The high speed of 802.11ad makes it spectrum and time efficient, because to move an amount of data the radio can be off more of the time than a slower radio. Firstly, this means it will not occupy the spectrum (a finite resource) as much of the time. Secondly, it could potentially consume less power – always a good thing, especially for battery powered devices like smartphones.

Perhaps more interestingly, 802.11ad has an inherently short range. For a wireless personal area network (WPAN) this is a good thing. Obviously a WPAN only needs a short range, and if signals travel further than required they again reduce spectrum efficiency, because they occupy spectrum in areas where other WPANs could use it.