Keep calm and update your router now! Indeed, a massive WiFi bug has just been discovered: the KRACK WiFi vulnerability. And all your devices are exposed… Because they all use the WPA2 encryption protocol to connect via WiFi. While waiting for your patch update, you should avoid connecting in public areas. And you should definitely use a VPN!
What is WPA2, the protocol involved in the Krack attack?
I'm almost sure you've heard of WPA2, even if you're not tech savvy. Indeed, it's most likely the encryption protocol you're using to connect to your router. WPA2 stands for Wi-Fi Protected Access II. And it's a security protocol developed by the Wi-Fi Alliance to secure wireless computer networks.
So basically, the WPA2 protocol protects your Wi-Fi router and your devices from intrusions. Maybe I should now say “used to protect”. Because it's been cracked, or KRACKed, after 13 years of good service…
What are the risks of the KRACK WiFi vulnerability?
First of all, what is KRACK? KRACK stands for Key Reinstallation Attack. It's a security flaw discovered by security expert Mathy Vanhoef. I already told you about the risks of public WiFi in a previous article. But now even your home network is concerned!
Thanks to the KRACK WiFi vulnerability, hackers within physical range of your WiFi network can intercept your browsing data. And eavesdrop on you… Therefore, nothing that you do online remains private any more. Snoopers and hackers are able to record your activity, steal your passwords on non-HTTPS sites, etc. So it's a serious WiFi bug.
Here's how a KRACK attack happens: The hacker hits your device during the four-way authentication handshake, when you connect or re-connect to a Wi-Fi network. Using simple software, the hacker forces your device to connect to a clone of your network. Then the WiFi bug allows him to install an all-zero encryption key instead of your actual secret key. Once this is done, the hacker acts as a man-in-the-middle and can control all the data you send and receive.
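To see why reinstalling a key is so damaging and what a patch changes, here is a small model added as an illustration (it is not code from the researcher or from any real Wi-Fi software). The `Client` class, its method names and the SHA-256 keystream are simplified stand-ins: installing a key resets the packet counter, so an unpatched client that accepts handshake message 3 twice encrypts two frames with the same keystream, while a patched client refuses to install the same key again.

```python
# Added illustration: simplified model, not real 802.11 or supplicant code.
import hashlib

def keystream(key: bytes, packet_number: int, length: int) -> bytes:
    # Toy stand-in for the keystream a Wi-Fi cipher derives per packet.
    out, block = b"", 0
    while len(out) < length:
        seed = key + packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:length]

class Client:  # hypothetical, heavily simplified Wi-Fi client
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.packet_number = 0
        self.used = []  # every (key, packet number) pair used to encrypt

    def on_handshake_message_3(self, key: bytes) -> None:
        # Patched behaviour: a repeated message 3 carrying the key already
        # in use does NOT cause the key to be installed a second time.
        if self.patched and key == self.key:
            return
        self.key = key
        self.packet_number = 0  # installing a key resets the counter

    def send(self, plaintext: bytes) -> bytes:
        self.packet_number += 1
        self.used.append((self.key, self.packet_number))
        ks = keystream(self.key, self.packet_number, len(plaintext))
        return bytes(p ^ k for p, k in zip(plaintext, ks))

def keystream_reused(client: Client) -> bool:
    """True if any (key, packet number) pair encrypted more than one frame."""
    return len(set(client.used)) != len(client.used)

def simulate(patched: bool):
    """Connect, send a frame, receive message 3 again, send another frame."""
    client = Client(patched)
    key = b"constructed-session-key"      # constructed sample value
    client.on_handshake_message_3(key)
    first = client.send(b"first frame ")
    client.on_handshake_message_3(key)    # message 3 arrives a second time
    second = client.send(b"second frame")
    return client, first, second

if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "unpatched",
              "keystream reused:", keystream_reused(simulate(patched)[0]))
```

With the same keystream used twice, combining the two encrypted frames cancels the encryption out, which is why updating your devices matters even though your WiFi password itself is not revealed.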
Can you suffer a KRACK attack?
Currently, all modern Wi-Fi protected networks use this 4-way handshake, on all routers. And the implementation bug can occur on all Wi-Fi networks, whether they're using WPA, WPA2 or even AES standards. Furthermore, the KRACK attack is effective against all devices running Android, Linux, OpenBSD, macOS and Windows…
In order to hack your device, the attacker only needs to be within the radius of the WiFi signal to which your device is connected. And the maximum risk is when you connect to public WiFi of course, where hackers can steal the sensitive data of as many people as possible.
But the worst thing is that most places offering WiFi networks do not have the know-how to update the firmware of their routers… As a result, the majority of public places will keep their router buggy, exposing your devices to eavesdropping attacks. I'm pretty sure the only way they'll fix their router is when they replace it for technical reasons… Maybe they're not even aware of this KRACK WiFi vulnerability, so don't count on them to inform you on the status of their network!
What can you do to protect yourself from the KRACK WiFi vulnerability?
While you should not expect free WiFi providers to fix their routers, you can stay safe by following these steps:
- Check immediately if there is a patch or an update for your router
- Update the operating system of all your devices
- Visit only secure sites with HTTPS protection
- Use a VPN to encrypt your data
But the ultimate security? Do not use Wi-Fi, but an Internet cable or your phone data connection. If you're at home and your router doesn't have a patch yet, my advice is not to use your Wi-Fi connection for online purchases or other sensitive activities. Instead, connect via network cable to your router whenever possible. While limited, your mobile data connection is also an option if you don't have a cable. Last but not least, turn on your VPN connection to encrypt your data traffic, so you'll become a harder target for malicious people.
The best VPN to protect your devices against the KRACK WiFi vulnerability: