So What’s The KRACK? How To Protect Yourself From The WPA2 Flaw
18 October 2017 00:00
As far as vulnerabilities go, a security flaw that means anyone in any household or business could be the victim of a hack is a pretty big threat - and that’s exactly what the ‘KRACK attack’ is capable of.
What is the KRACK WPA2 hack?
Make no mistake, this has the potential to be a severe flaw.
The key reinstallation attack (KRACK) was discovered by a cyber security expert at Belgian University KU Leuven, and was met with a mountain of opinions and concern from the cyber security world earlier this week.
Using KRACK, an attacker can exploit a serious weakness in WPA2 (a protocol that secures all modern protected WiFi networks). Hackers can then use this attack to read information that was previously thought to be encrypted - including credit card details, emails and login credentials.
Effectively, this flaw can enable an attacker to obtain or spy on your data, and gain access to other unsecured devices that share the same WiFi network. The WPA2 security flaw is reminiscent of the WEP hack just 16 years earlier, which was subsequently deemed unsafe to use in order for adequate data protection.
Can the WPA2 threat affect me?
Short answer - it's extremely likely. Anyone using modern WiFi protected networks is within arm's reach of the vulnerability. If you’re using such networks (which let’s face it, most of us are) then it’s possible for a cyber criminal to inject forms of malware, such as ransomware, into websites by manipulating data.
The expert who discovered the flaw has also found that users of Android, Apple, Linux and Windows are all affected by some variant of the attacks.
There is some good news though! The National Cyber Security Centre (NCSC) said that banking services and online retailers are still safe to use, as an “attacker would have to physically be close to the target and the potential weaknesses would not compromise connections to secure websites”.
Similar read: 5 ways your users can stay safe when using public WiFi
How can I safeguard myself from the KRACK hack?
Everyone’s pet hate, but unfortunately, it has to be done. This simple step might be a bit painful, but keeping all of our devices up to date will help address new threats that are always popping up. It might not be the answer to all our security problems, but it’s an easy first step to accomplish. And don’t forget, mobile devices are vulnerable too, so make sure to update them.
Lay off the public WiFi:
Another easy step (unless you’ve completely drained your data) is to avoid public WiFi networks until patches begin to roll out. Also, stay away from any websites that don’t use HTTPS. Another useful tip is to use an ethernet cable to connect your computer directly to the router, then install any updates that the router has outstanding.
A virtual private network (VPN) is another method of protecting your data and sensitive information from the WPA2 KRACK vulnerability. There’s plenty of good ones out there - and plenty of not so good ones.
Take a look at some forums and reviews online to find the best tool that's suited to you.