If you’ve been reading the news this week, then you’ve probably caught wind of theKRACK (KeyReinstallationAttaCK) vulnerability, which implies some serious security concerns for almost anyone utilizing Wi-Fi networks at home or work.
KRACK impacts both the WPA2 and WPA1 Wi-Fi standards. The former is the most popularWi-Fistandard in use today, and it’s also supposed to be one of the most secure. On that note, this vulnerability can be a bit concerning.
Curious about how it might impact you? You’ve come to the right place. In this piece, we’ll attempt to dispel rumors and help you understand how this vulnerability affects yourprivacyandsecurityon Wi-Fi networks.
What is a KRACK attack?
KRACK is a flaw in the multi-step handshake system that occurs between devices. With it, a hacker could take advantage of the vulnerability to eavesdrop on your Wi-Fi traffic.
What could a hacker snoop on?
A hacker with access to a KRACK attack would be able to see almost anything you shared over your affected Wi-Fi network. This includes stuff like chat/emailhistories, credit card numbers, passwords,photos, and more.
How does it work?
During the multi-step handshake exchange between your machine and your wireless router, the devices confirm with one another that you’ve got the correctpasswordand encryption keys.
The encryption keys are supposed to change frequently during your interaction with the wireless router, but KRACK allows the same keys to be re-used again and again, which makes your connection easier to crack.
What devices are affected?
Almost any device that can connect to a Wi-Fi-enabled network is affected. This includes your wireless routers, your smartphones, your tablets, your computers, etc.
The security researchers who found the vulnerability say thatAndroidand Linux devices are the most susceptible, but that doesn’t excusemacOS,iOS, and Windows devices among others. Some manufacturers, including Microsoft, have already released updates.
How do I know if I’m being snooped on?
Unfortunately, there may not be a way to tell if you’ve been (or are being) snooped on.
On the other hand, a hacker needs to be in the range of your Wi-Fi network to attack you. With the broad scope of Wi-Fi connections available to the public, hackers will probably focus on bigger institutional networks moreso than small privately-owned home networks because of the potential gains to be had.
Fortunately, those behind KRACK’s discovery suggest that most hackers probably don’t know how to utilize the attack, so the chances you’ve been exploited are slim.
How can I patch the KRACK vulnerability?
Device manufacturers will follow up with softwareupdatessoon that patch the vulnerability on their devices. They will be released at the discretion of the manufacturer so updates may be issued by various companies at different times.
You will need to install these updates on every one of your devices, including your wireless routers, to ensure that you’re protected. Be sure to check for updates frequently throughout the day.
Note that the vulnerability has beenpatched in Apple’s latest developer and public betasfor iOS, watch OS, macOS and tvOS
How do I update my wireless router?
Routers, unlike a computer, don’t have a screen and input devices that you can look at and interact with to install software updates. Instead, you’ll have to log into your wireless router from your computer through your favoritewebbrowser.
Many wireless routers can be logged into by putting “192.168.1.1” in the URL bar of your web browser, but this isn’t the case for all of them. Different routers often have their own instructions for logging in depending on how they’re configured.
You may want to contact your ISP or wireless router manufacturer to learn how to perform updates on it.
What if I have no updates?
It could take some time for device manufacturers to release their updates.Applehas already said that updates for iOS, macOS, etc. will be released “in coming weeks,” and thatKRACK is already fixed in the latest betas.
How can I protect myself?
If you are forced to use an impacted machine or device without updates in the meantime, you should make sure you deploy HTTPS connections with websites whenever possible. HTTP connections (the non-secure variety) are more susceptible to snooping. Most HTTPS connections will keep you relatively safe.
When HTTPS isn’t available, you may opt to use a virtual private network (VPN) to help shield your data. If you need a reputable VPN,check out some of the ones we’ve recommendedin a previous roundup.
Alternatively,you can use an Ethernet cableto connect your machine to the internet, as wired connections don’t broadcast your internet usage like wireless networks do.
If you’re using acellular-enabled device, you might consider using cellular data instead of Wi-Fi until your manufacturer posts an update for your software. Cellular connections are not susceptible to the KRACK exploit.
The wrap-up
With all the things humankind does on the internet these days, it’s imperative to ensure your information is as secure as possible. Head the warnings and take the steps necessary to update your devices so that your personal information doesn’t fall victim to unwanted attacks.
If you have any other questions about KRACK, please drop us a comment below so we can try our best to reply and spur up some conversation.
