Due to a destructive weakness in Wi-Fi WPA security protocol, online attackers and fraudsters are now able to snoop on personal data of any user who is connected to Wi-Fi. The global issue named KRACK targets the protocol of Wi-Fi as such and can breach almost any protected Wi-Fi network. Good news is though that all of the largest tech providers are doing their best to fix the problem as soon as possible.
This article reveals all you should know about the KRACK attack: how does it break security code of Wi-Fi, what happens next, which devices are most vulnerable and how to protect self against the attack.
The name of the issue KRACK is an abbreviation which initially stands for Key Reinstallation AttaCK. The attack takes place when Wi-Fi client on your device tries to get connected to a protected Wi-Fi. In a case when an inscription key is resent several times, the retransmissions may be collected and replayed in a specific way by KRACK attackers. This is how the security encryption of Wi-Fi gets broken.
What devices does KRACK affect?
Basically, all devices using Wi-Fi may be affected by KRACK attack. However, some of them are more vulnerable than others. Further in the article, you’ll find more information about various devices being targeted by KRACK in particular.
What may happen to a device once its Wi-Fi encryption is broken by KRACK?
First of all, an attacker may eavesdrop on any traffic sent by you over the Internet. All of your sensitive information including passwords, numbers of the credit cards, any private messages, images, emails, etc. can be abused this way. Besides, an eavesdropper can see the websites you are viewing, look through your login credentials and basically hijack any of your online accounts.
According to the US Computer Emergency Readiness Team, the consequences of KRACK reaching out your device can lead to hijacking of TCP connection, packet replaying, decryption, injection of HTTP content, etc.
In particular, injection of HTTP content means that an attacker may steal codes to the websites you are viewing, and infect your laptop or PC with malware or ransomware. Check out your current antivirus or look for new reliable software, to protect your device.
Are you vulnerable to KRACK when out of home?
By the moment, there’s not enough data to tell if KRACK attacks are also actively happening ‘in the wild’ – whenever one is out of their home and might be using an unprotected Wi-Fi connection.
However, the good news is that to access one’s device with KRACK, an attacker has to be at a relatively close distance, at a range of one’s Wi-Fi connection. This means that no user can become exposed to everyone on the Web all of a sudden.
How to safeguard self from KRACK Wi-Fi attack?
You should keep your device updated. Latest updates downloaded on your PC or laptop help to withstand KRACK. Today, such patches are being released rather quickly by all major OS and hardware developers. As an example, latest Windows running PC’s are already protected.
While you are expecting for the updates to arrive on your device, you can singlehandedly take measures to withstand KRACK attack.
- If possible, try to connect your laptop or PC to the Internet through wire/cable.
- Use cellular connection instead of Wi-Fi on your smartphone.
- When using a public Wi-Fi spot, even if it’s protected with a password, – tend to use the websites which URL’s start with HTTPS – meaning, that’s the type of encryption they use. Such websites will remain safe even if Wi-Fi security gets broken. URL’s of unsecured websites start with HTTP.
- As a variant, you can use VPN (Virtual Private Network), to keep all your traffic hidden. However, remember to choose a VPN agent wisely; a free random VPN might be stealing your data itself.
- Keep antivirus software updated and active.
Summary on Wi-Fi router and device security
Is your smartphone at risk?
KRACK is a type of attack that goes not after a device, but after information sent from it. Thus, data saved on your smartphone stays safe until you send it via the Web. Credit card numbers, passwords, private messages, emails, etc. are what KRACK attackers aim for.
Is your Wi-Fi router vulnerable to KRACK?
That’s closer to the main point, but still not exactly. KRACK aims data sent, not a device as such. Thus, all websites but for HTTPS ones are potentially vulnerable.
Will changing the Wi-Fi password help?
You can change the password, but it still won’t protect you from KRACK, which basically targets information that your router is only going to encrypt. The attacker doesn’t need to hack the router by cracking its password.
Are all devices using Wi-Fi at risk?
That’s correct. Basically, all devices that send and receive data over Wi-Fi can be accessed by attackers.
What about Android mobile devices?
According to researchers, Android running mobile device are at bigger risk of KRACK attack than others. Moreover, devices running on the latest Nougat 6.0 OS are more prone to attack than others. Google released the security patch for them at the end of the last year. However, cellular providers and Android hardware developers are still releasing similar parches for all other models of mobile devices. Many older devices risk not receiving the update at all.
Are Macs and iPhones safer?
Apple devices are safeguarded better than Android ones. Apple stated that all current versions macOS, iOS, tvOS, and watchOS received patches against KRACK.
What regarding Windows-running PCs?
Windows PC’s are safe once you stay updated. The Microsoft Corporation released a patch against KRACK for Windows PCs last October, even before the problem of the attack went public.
How to check if a mobile device has received an anti-attack patch if its updated are turned on to automatic?
You should check on software updates of OS through Settings app and learn when the latest version has been downloaded. Keep an eye on Owen Williams’ list of companies that have already released the anti-KRACK updates.
Don’t forget to check and update your router to any pending updates through the admin page. Checking on the upcoming updates every day is a wise habit. Many of the biggest providers have already released their patches.
Follow our tips to keep your devices safe from KRACK attackers. Simple actions will help you to protect self. Probably, the only way to avoid the risk completely is to stay away from using Wi-Fi which is clearly not an option for the most of users.