What You Need To Know About the KRACK Wi-Fi Attack

What is KRACK?

KRACK — which stands for Key Reinstallation AttaCK — is a recently discovered vulnerability in how Wi-Fi works to keep your information safe from people who might want to eavesdrop in on you. It is a serious flaw in Wi-FI identified by researchers in Belgium that could open the door for computer attacks.

No Tyrone. Just no. This is a serious article.

How does KRACK work?

When you connect your phone or laptop to a Wi-Fi network, you’re not just using the key, or as it is commonly called “the W-Fi password,” to communicate with the Wi-Fi router. That just starts the conversation.

Logo of the KRACK attack
Why do scary computer attacks all have cool logos now? Did they go out and hire graphic artists?

Once it confirms you know the password, then the device makes a new key to encrypt the data. KRACK works by listening to the digital conversation between your device and your router, and resending that key to the router allows the device to listen in to what your browsing and transmitting across the Wi-Fi and even create fake and fraud information like fake forms and malware on the websites you’ve visiting.

Seriously, remember Heartbleed from 2014? That logo was pretty awesome.

Am I in danger from KRACK?

Fortunately, you cannot be attacked with KRACK over the Internet or even from across town. Someone has to be physically within range of your Wi-Fi network. Someone would have to drive through your neighborhood and attack your Wi-Fi connection with KRACK.

Meme of Antoine Dodson saying "So y'all need to hide your phones, hide your laptops, and hide your routers, cuz they're KRACKing everybody out here"
If they’re climbing in your windows, you have bigger problems.

Also, information you send on secured websites — the ones with the little locks on the browser — is still encrypted. So even though your conversation could be overheard, a would-be hacker would still have to break the bank’s encryption before they could steal your bank account information from the bank website.

But even that isn’t entirely safe because several sites do not do encryption on their site properly.

Also, a hacker could put malware on another website that you visit which would download to your computer and later gathers that information and sends it to them.

What should I do to protect myself from KRACK?

For once, you don’t need to change your passwords! In fact, changing your passwords won’t help.

"I change all my passwords to "incorrect. So whenever I forget, it says, "your password is incorrect."
*not an effective security plan

To get rid of the vulnerability, we’ll have to fix our computers and devices that connect to the Internet by updating them. Security patches for Windows, Mac, iOS and Android are already starting to be released.

We will have to be extra diligent about installing security updates until all of our internet connected devices are fixed. Manufacturers of routers and and other internet connected devices, may have to be pressured to fix the flaw.

Meme of Robin saying "I'm worried about KRACK. I'm gonna change the Wi-Fi password." Batman slaps Robin and says "No, update the router firmware!"
and operating system security patches.

Owen Wilson is doing a great job of keeping track of which companies have corrected the issue on their devices. And, of course, if you need help updating your devices, Bold City IT is always here to help.

Meme of Update All The Things
Update. All. The. Things.