There’s a hidden menace lurking in the Wi-Fi world, and it has the potential to wreak considerable havoc.
It’s KRACK (short for Key Reinstallation Attack), a flaw in Wi-Fi Protected Access (WPA) security protocol that allows attackers to eavesdrop on and steal users’ data—everything from credit card numbers and passwords to chat messages and emails—when they’re connected to Wi-Fi. Since KRACK affects the Wi-Fi protocol itself, not the device, every Wi-Fi user is potentially at risk. Android and IoT devices are particularly vulnerable.
According to Mathy Vanhoef, the researcher who discovered it, KRACK works against all modern protected Wi-Fi networks. Vanhoef also found that, depending on the network configuration, KRACK also makes it possible to manipulate data—and inject ransomware or other malware into websites.
How to safeguard against Krack
Of course, the easiest way is to use a wired Ethernet connection, or stick to the cellular connection on your phone and avoid Wi-Fi altogether. But this isn’t always possible and certainly not practical, especially in areas with spotty network coverage, so it’s best to take the following precautions:
- Keep devices up-to-date with the latest security patches.
This includes all routers and Wi-Fi devices (laptops, smartphones and tablets). Also turn on “auto-updates” in anticipation of future vulnerabilities. And, to safeguard against ransomware and other malware, be sure to update antivirus software, too.
- Install the HTTPS Everywhere browser extension, which is available on Google Chrome, Firefox and Opera.
This automatically instructs the browser to use the HTTPS version of a website—when both unencrypted access (HTTP) and encrypted access (HTTPS) are available.
- Use a VPN you trust—ideally one you pay for.
Going with a paid reputable service reduces the chance of your profile being tracked and sold to third parties. Also, confirm that the VPN you’re using doesn’t keep logs. That way, the provider can’t collect your browsing activity—and sell or expose it.
- Adjust your device’s default Wi-Fi signals down.
This reduces the possibility of spillage into public areas—and lowers your chances of a Wi-Fi-based attack.
Welcome news for Wi-Fi users
Moving forward, the Wi-Fi Alliance will require testing for the KRACK WPA2 vulnerability in its global certification lab network. This means new devices will be protected out of the box. In the meantime, taking the precautions outlined here provides a good line of defense. As your customers’ trusted IT expert, you’ll want to share them with your customers, too.