Why can KRACK be so dangerous?
Cybersecurity experts have discovered a critical weakness in Wi-Fi connections that could make your private information vulnerable to cyber criminals. The threat is called KRACK (key reinstallation attacks) and could allow someone to steal information sent over your private Wi-Fi or any open connections you might access in public places like coffee shops.
KRACK is dangerous because it affects so many people. Most people who connect wirelessly to the internet through Wi-Fi on their phone, tablet, laptop, etc. do so using the WPA2 (Wi-Fi Protected Access) protocol, which helps keep your information safe by encrypting it, that is, by turning it into a secret code. Now KRACK has made that information much less protected, because thieves may be able to decipher the code that protects it and read it whenever they want.
Cyber criminals can also use KRACK to modify wirelessly transmitted data to and from the websites you visit. You might think you’re going to your bank’s website, when in reality you’re at a fake phishing site made to look like it. You unknowingly enter your username and password, and the thieves now can record that information.
How do I protect myself?
Update your operating system
Update your OS ASAP. In the meantime, Apple, Google and others are presumably working to roll out a patch to protect against KRACK.
Microsoft just announced it included a patch in an October 10th security update. Windows customers who have their “Windows Update enabled and applied the security updates” are automatically protected from the KRACK threat, according to Windows Central.
However, don’t assume you’re protected. Even if you’re a Windows user, double-check that you have the latest security updates.
Use Wi-Fi networks only when necessary
Until you’ve installed the KRACK security patch, avoid using Wi-Fi connections, both at home and especially at public hotspots. Your home Wi-Fi connection is slightly more secure only because cyber thieves need to be relatively close to your physical location to steal your data. But that doesn’t mean you’re safe at home or in public.
If you absolutely need to use a wireless network, make sure you’re not transmitting confidential info like your SSN, credit card number, or bank information.
If possible, hardwire your wirelessly connected devices back to your modem/router. Cyber criminals can’t steal signals out of the air if they’re not there, so find that yellow ethernet cable you stashed somewhere in a drawer and use it to connect to as many devices as possible.
Update your wireless router’s firmware
Your router’s firmware helps it work correctly with your devices, so keep it up-to-date. When the security patch rolls out, you don’t want any issues with conflicting or unsupported firmware versions. Updating your router’s firmware is a relatively painless process.
Configure your router so only your approved devices can connect to the network. Each of your devices has a media access control (MAC) address that uniquely identifies it to work with the network. Configure your router to only allow listed devices. The process may differ depending on your router brand.
Hide your Wi-Fi network so even those close enough to detect your signal won’t see it listed. Hiding your network won’t stop dedicated hackers from eventually finding it, but it will create another step they must go through, which is your goal until the patch comes through. It’s likely it will take developers some time to adequately address KRACK, so stay vigilant.
Avoid unencrypted websites
Encrypted websites have HTTPS at the beginning of their URLs. The information you send to and receive from them is secure. Websites that only use HTTP are NOT encrypted. So use HTTPS sites as much as possible. HTTPS Everywhere is a browser plugin that automatically switches thousands of sites from HTTP to HTTPS.
Get some good cybersecurity software
Having cybersecurity software always helps mitigate risk. For critical attacks like KRACK, it’s especially important to add as many layers of protection as possible.
What information can be stolen?
Anything you can send wirelessly over the internet. So, pretty much everything. Passwords, credit card numbers, voice messages, pictures, texts, and the like. Again, this goes for both public and private wireless networks, so your info could be stolen while you’re signed in to the library’s Wi-Fi network or when you’re texting someone from your living room. Deactivate your cell phone’s Wi-Fi connection until you’ve gotten the fix from your OS developer, or stay on a 3G network for data transfer.
Can it affect my devices?
Strictly speaking, no. Neither your wirelessly connected devices nor your router are being directly targeted. Unlike ransomware, thieves aren’t KRACKing into your device and threatening to destroy your information. It’s more of an elaborate heist job than a hostage situation. They want to decrypt the protocol, to eavesdrop on what your devices are saying. They’re interested in the info, not who is talking. More importantly, thieves want to go unnoticed.
How did the KRACK vulnerability happen?
Your cell phone and Wi-Fi device (i.e. modem) need to “talk” to each other to decide how to work together to transmit data. The language they use is called a protocol, or system of rules. The protocol is encrypted for privacy. It’s like if two people switched to a different language to discuss something privately. If you don’t know the language, you’re in the dark. That’s how your information is kept private when sent over Wi-Fi.
But the KRACK attack gives cyber criminals an opening to decrypt the information sent. It would be like someone bringing an interpreter to the couple’s private discussion. They now can overhear everything that’s being said.
Can I tell if someone’s stealing my info over Wi-Fi?
As of yet, thereâs no way to know if someone is KRACKing your wireless access. That’s why it’s especially important to keep an eye out for an update, and to follow the safety recommendations above.
8 comments
Finally!
I consider myself a technical person, but this article actually explains the KRACK issue so that I can have confidence in the steps I am taking to minimise risk. I think it’s the third article I’ve read on the matter and the first time I’ve made sense of what’s going on.
Thank you, Panda.
Hello Tim!
We are glad to know our content is helpful; it helps us to know we are going in the right direction and to keep offering you valuable content.
Thanks for reading us!
Best regards,
Panda Security.
This is a really great article, thank you for sharing, and I would like to say: please keep sharing your information with us.