What you need to know about KRACK
Some of you may have heard about a new wireless vulnerability that some very smart Belgian researchers discovered. The vulnerability has been called KRACK (love the names they come up with for these!) and potentially exists in all wireless (wi-fi) networks. It could be used to steal your information, or infect your computer.
Should you be worried?
Security vulnerabilities in software products and systems are discovered every day. Occasionally those discovered are in well-established standards, which means their impact will be very broad. In the case of this latest wireless security exploit, is it likely to impact on most networks on a global scale, as just about every device with wireless capabilities is affected.
Put simply, KRACK is bad and if you use wi-fi you should be concerned.
What can happen?
Firstly, let’s clarify what an attacker can and cannot do using the KRACK exploit; particularly on your own wireless networks.
An attacker can eavesdrop on some of the traffic between your device and your router. However, they can only see unencrypted traffic, so you are still safe when logging into banking sites and other such sites that use HTTPS and encrypt communications. The kinds of unencrypted traffic they may be able to look at includes your emails, file transfers and web browsing history.
In extreme cases, an attacker could even redirect you to a false website or phishing scam; or install malware or ransomware.
Attackers can’t obtain your wi-fi password using this vulnerability.
What should you do?
Even though KRACK is bad, it’s actually pretty easy to protect yourself.
If you have wireless routers/access points at your home or office then you would be advised to update them to patch the vulnerability. You also need to ensure any devices you use on wi-fi are also patched.
When you’re out on the road or travelling and connecting to untrusted wireless networks, always use a VPN to protect yourself. If you don’t know about VPNs, see my article here.
If you are still worried, you can always stop using wi-fi or talk to Proactive IT Solutions and we’ll help to protect you from KRACK and any other vulnerabilities in your IT infrastructure.