This past month, researchers have found that there’s a major flaw in WiFi’s WPA2 security that makes it possible for hackers to eavesdrop on your data when you’re connected to WiFi networks. Called KRACK (short for Key Reinstallation Attack), this flaw is in almost all protected WiFi networks (like the one you probably have at home).
The WPA2 standard was introduced in 2004, and is the recommended standard for all wireless networks. Up until now, it was thought to be relatively secure.
How the KRACK attack works
The KRACK vulnerability targets one of the steps during the “handshake” that’s performed when your device (like your computer or mobile phone) attempts to connect to your protected WiFi network. The encryption key your network uses during this connection process can potentially be collected and replayed by hackers, breaking your network’s encryption. It basically allows an attacker access to your network without your password.
KRACK targets the devices you use to connect to your wireless network, rather than your access point.
If a hacker attacks your secure network via this vulnerability, they can see and steal anything you do online, including your credit card numbers, passwords, IMs, emails, photos, and more.
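To show why patched devices are safe, here is a simplified model of a device handling the handshake step that KRACK targets. It is an added example, not code from the original article or from any vendor; the class, function names and key value are made up for illustration, and it assumes that installing a key resets the device's per-packet counter, so a replayed handshake message makes an unpatched device reuse counters it has already used.

```python
# Simplified model (constructed for illustration) of a Wi-Fi client handling
# message 3 of the WPA2 4-way handshake. Not real 802.11 code.

class Client:
    def __init__(self, patched):
        self.patched = patched
        self.installed_key = None   # session key currently in use
        self.packet_number = 0      # per-packet nonce; must never repeat under one key
        self.nonces_used = []       # (key, nonce) pairs used to encrypt frames

    def on_handshake_msg3(self, key):
        """Install the session key when handshake message 3 arrives."""
        if self.patched and key == self.installed_key:
            return False            # retransmission: key already installed, keep the counter
        self.installed_key = key
        self.packet_number = 0      # (re)installing resets the nonce counter
        return True

    def send_frame(self):
        """Encrypt one frame: consume the next nonce under the installed key."""
        self.packet_number += 1
        pair = (self.installed_key, self.packet_number)
        self.nonces_used.append(pair)
        return pair


def reused_nonces(client_patched):
    """Run the same message sequence and return the (key, nonce) pairs used twice."""
    c = Client(patched=client_patched)
    key = "session-key-A"           # constructed placeholder value
    c.on_handshake_msg3(key)        # normal handshake completes
    c.send_frame(); c.send_frame()
    c.on_handshake_msg3(key)        # message 3 delivered again (the replay)
    c.send_frame(); c.send_frame()
    seen, repeats = set(), []
    for pair in c.nonces_used:
        if pair in seen:
            repeats.append(pair)
        seen.add(pair)
    return repeats


if __name__ == "__main__":
    print("unpatched reuse:", reused_nonces(False))
    print("patched reuse:  ", reused_nonces(True))
```

The unpatched device encrypts two different frames with the same key and counter, which is what weakens the encryption; the patched device ignores the repeated message and keeps counting upward.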
Which devices are affected?
If your computer or mobile device uses WiFi to connect to your network, it’s likely vulnerable to the KRACK flaw to some degree, although some devices are more susceptible than others.
Android, Linux, Apple, and Windows devices are all affected by the attack, although most current Windows and iOS devices are not as susceptible because of how Microsoft and Apple implemented the WPA2 standard.
How you can stay safe
Luckily, there are some steps you can take to stay safe from being a victim of this vulnerability.
- Update all of your devices: Update all of your devices and operating systems to the latest versions. Almost all operating systems and devices have already made a patch available to fix this vulnerability.
- Know that KRACK is a local vulnerability: Hackers need to be in range of a network in order to execute this attack on connected devices, so the odds of this happening to your home network are very remote. Still, it doesn’t hurt to make sure you are protected, so be sure to update all your devices and operating systems.
- Protect yourself with a VPN like Private WiFi: A VPN like Private WiFi encrypts all the data flowing from your device across a network, keeping you safe from any KRACK attack. It’s always a good idea to have a VPN if you care about your online security.
As always, the best defense when it comes to online security is a good offense. So stay ahead of KRACK by updating your devices and operating systems and continuing to use a VPN whenever you log into WiFi networks.