The Krack hack – is it the end of the world, or worse: is WPA2 dead?

The Krack hack – is it the end of the world, or worse: is WPA2 dead?

So here we go…

I recently read rather a lot of articles entitled “WPA2 is dead” or “The end of wireless security” and so on, online, and actually saw stuff on the news (TV news channels).

What happened then?

Well let’s spread some truth in the vast world of “exciting” news cycles, and dramatic news bulletins.

What I am going to do, is to tell you some truths about the Krack virus (actually got an email from a family member, someone who was worried about this, because they saw this Krack virus on British news!)

 

Is it a Hack? Is it a Virus? No it’s a Potential Vulnerability!

So, first of all, it is NOT a virus, nor is it a hack. It is a potential vulnerability in the current implementations of some vendors’ WPA/WPA2 protocol stacks.

What does that mean?

So, for the wifi-and-cybersecurity-is-magic folks (basically anyone who isn’t an uber-geek and is quite happy for wifi to “just work” – i.e. 99% of the population), what this means is that there is a potential problem/loophole that can be exploited or used to possibly break into the encrypted stream of one or some of your wireless clients. Basically, a couple of guys (and gals) have played around with vendors’ implementations of the WPA and WPA2 modes of operation. They found, under certain circumstances, that these vendors equipment is susceptible to being manipulated to give away secrets that can help bad guys (and gals) abuse and maybe break into networks.

Now these are good guys (and gals) who have “outed” this problem, and they have done it so we can make the world a better place.

It’s important to understand that it is a potential vulnerability and that no code has been written (as of late October 2017) to take advantage of this that we know about. The problems with the statement I just made is “that we know about”. Hackers are probably busy at this moment writing code to do just this. So we have to treat this seriously.

So, what happened next? Well the folks that discovered this, regard themselves as “good guys (and gals)”. They responsibly notified vendors about this potential hack, well before releasing it to the public. Vendors started to work on and release patches that protect from this vulnerability. Good on you vendors, it is the right and responsible thing to do. Our vendors have our backs here and have released, or are releasing, fixes for these potential problems. Our advice is to check with your vendor, see what they say, and take it from there.

Now I was going to spend some time digging into this and writing a lovely blog for you all on this subject. But my good friend Heather Williams at Ruckus has done such a great job, I will refer you to her blog entry on this:
https://theruckusroom.ruckuswireless.com/wired-wireless/technologytrends/commonsense-approach-uncommon-problem/

Heather goes into great detail, in her blog entry, about the vulnerability, what it does, and that it is, in fact, NOT the end of the world.

Heather even includes a link to an article by Kevin Beaumont that includes the original document released by our friendly good guys (and gals), who discovered the vulnerability.

Heather also includes a link to a blog entry by Peter Mackenzie which gives follow up links to much more information and details on the Krack vulnerability. (By the way, Peter’s post is on the WLA website – WLA is a great resource and community to get involved with for WiFi engineers, we highly recommend you take a look at the site).

So is WPA2 Dead?

I don’t think so. Let us know what you think.

 

That’s it for now. I will include the follow up links from Heather’s site for reference and include a link to the WLA. Stay safe and see you next month.

 

If you are looking to make your mark in the IT Industry, then NC-Expert offers excellent training courses aimed at relevant IT industry certifications – contact us today to get started.

NC-Expert Blog

Vendor-Neutral Certifications Matter More Than People Think

By Rie Morgan June 1, 2026
We all know that technology changes fast : vendors update products, rebrand solutions, release new platforms, and occasionally decide that the feature you spent months mastering is no longer "fashionable". In an industry that constantly evolves, it’s fair to ask an important question: Should you focus on vendor-specific certifications, or do vendor-neutral certifications still have a place? The answer might surprise some people. Despite the growing number of vendor-specific training paths, vendor-neutral certifications such as CompTIA Network+, CompTIA Security+, and CWNP Certified Wireless Network Administrator (CWNA) continue to provide enormous value. In many cases, they offer benefits that extend well beyond a single product, platform, or employer. For engineers pursuing a promotion, changing careers, or trying to build a stronger professional foundation, vendor-neutral certifications may matter more today than ever before.

IT Certification Exams: the Struggle is Real!

By Rie Morgan May 20, 2026
Why Experienced Engineers Sometimes Struggle with Certification Exams If you’ve spent years working in IT, there’s a good chance you’ve had this thought at some point: "I do this stuff every day. Surely the certification exam will be easy?" Then reality arrives. You sit the exam. The questions seem strangely worded. Topics appear that you rarely touch in your day job. You find yourself second-guessing answers you know are correct in the real world. Before long, confidence starts to evaporate. It’s a surprisingly common experience. In fact, some of the most experienced engineers occasionally struggle with certification exams, not because they lack technical ability, but because experience and exam readiness are two very different things.

Strong Passwords and Protocols

By Rie Morgan May 7, 2026
We are constantly being told to make sure our passwords are secure, and create a secure password. But oftentimes, the same sources don’t clearly explain how to do this and we are left puzzled and concerned about how to get it right. In this blog I will attempt to draw together the most reliable sources and explain what they mean and how to create the best password for your needs.