The Wi-Fi security flaw ‘Krack Attack’
A major new security flaw has been discovered, and it practically affects everyone who uses WiFi, it’s called KRACK (Key Reinstallation Attacks). It’s a way for hackers to decrypt and spy on anything you do online, that include seeing any password that you type in or any conversation you are having or documents you are sending.
Researchers from the Belgian University discovered the flaw and published a paper on it, which makes it particularly dangerous. It has nothing to do with the machines, but has to do with weakness in how WPA2 security was designed. That is the encryption method used in all WiFi networks.
The researcher shared the video demonstrating the attack. It showed how if the hacker is near the WiFi point, they can execute a script that tricks the system to bypass the security. Then the hacker can see everything being sent, and also infect the machine with malware. The demo was with Android, but it could be possible to do this with a number of other systems including Apple and Microsoft. However, the researcher says it is easier to attack Android and Linux operating systems.
So now you know how bad it could be, but here is the good news. This is fixable with patches. The researchers had warned companies about this flaw months ago, before going public with their discovery. Many vendors have started working on the fixes, Google is expected to patch its product in the coming week.
Now for all the average people who need to worry about is to ensure their smartphones and other devices are updated. Changing password doesn’t matter, this is about software updates for any device that uses WiFi. This includes smartwatch, TV, Refrigerator, or maybe even your car. If you have a device that is not patched, then you should be extra cautious, because any information sent to that device would be compromised. The WiFi alliance says there is no evidence that this attack has been used maliciously.
From reading the advisory on this flaw, it appears Apple and Windows iOS are not vulnerable, and as said above Android devices may need some tweaking soon. Finally, when browsing the Web ensure you see browser add-on like ‘https:// connection, it means all communication with the website is encrypted.
WiFi is not secure, but you can prevent unauthorized people from connecting and reading the traffic. This can be done by creating a VPN to encrypt all your Internet traffic. This way all the information sent from your system/device is through an encrypted tunnel, thus preventing any local WiFi eavesdroppers to snoop, and making KRACK kind things irrelevant.
With vulnerabilities like Krack which is hard to be fixed, the best way forward is to go with the standard phrase ‘prevention is better than cure’. And if you think being in public WiFi was a bad idea, well, now you know you were right.
Julia Sowells250 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.