Do you have a WiFi router that you use in your home? Do you use public WiFi on your tablet, smart phone, or laptop? If you’re like the vast majority of folks who use WiFi on a daily basis, you may be under attack. If you have WiFi in your home, or use these devices, you might recognize the acronym WPA2 on the various WiFi networks displayed in your “Network and Sharing Center.” WPA2 security is a secure WiFi protocol, and it helps to keep you safe from snooping strangers, but unfortunately, it has a major flaw.
The vulnerability is being called KRACK, or Key Reinstallation Attacks. Not only does this allow people to eavesdrop on you, it also allows ransomware and other malicious code onto your network. In other words, the bad guys can use this vulnerability to steal personal and sensitive information including passwords, emails, photos, and credit card numbers. Basically they can get full remote control over your devices.
People who are using Android or Linux devices are the most vulnerable. KRACK is very effective against these operating systems. In fact, it has even been suggested that those with Android turn off their WiFi until there is a patch for KRACK.
There is good news, fortunately. There are already new patches rolling out, and more are coming out quickly. Additionally, secure sites, those that have HTTPS instead of HTTP, are also still secure.
It also appears that, in order to gain access to a WiFi network, the criminal has to be physically located next to your router – parked outside of your home, for example. So, a KRACK attack can’t be done remotely. So, while you may not be as vulnerable at home, public WiFi hotspots are still a big concern.
How to Avoid Being Impacted By KRACK
- Stay away from free public WiFi connections whenever possible, but if you must connect, use a VPN software which encrypts all WiFi security communications.
- Try and only visit secure sites containing HTTPS in the address bar.
- Install any new patches offered up by your hardware/software as soon as they become available.
We aren’t totally sure what the fallout from these KRACK attacks might be. Experts think that this is a vulnerability that is tricky to take advantage of, and major platforms, such as macOS, Windows, and iOS are patched with automatic updates. However, there are millions of routers and other devices out there that are unlikely to get patched or fixed. This means that the true impact of KRACK could go on for many years.
Again, if you have a Mac or Windows computer, or an iPhone, check to see if updates are available. Install your patch right now. If you are using an Android device, check often for updates. Same thing with your router. Back up your routers current settings and update to the latest firmware. However, it could take a bit to get a patch out. For other devices, such as your printer, it could take much longer.
Long story short: Always apply security updates as soon as they become available for your device.