What is KRACK?
KRACK — which stands for Key Reinstallation AttaCK — is a recently discovered vulnerability in how Wi-Fi works to keep your information safe from people who might want to eavesdrop in on you. It is a serious flaw in Wi-FI identified by researchers in Belgium that could open the door for computer attacks.
How does KRACK work?
When you connect your phone or laptop to a Wi-Fi network, you’re not just using the key, or as it is commonly called “the W-Fi password,” to communicate with the Wi-Fi router. That just starts the conversation.
Once it confirms you know the password, then the device makes a new key to encrypt the data. KRACK works by listening to the digital conversation between your device and your router, and resending that key to the router allows the device to listen in to what your browsing and transmitting across the Wi-Fi and even create fake and fraud information like fake forms and malware on the websites you’ve visiting.
Am I in danger from KRACK?
Fortunately, you cannot be attacked with KRACK over the Internet or even from across town. Someone has to be physically within range of your Wi-Fi network. Someone would have to drive through your neighborhood and attack your Wi-Fi connection with KRACK.
Also, information you send on secured websites — the ones with the little locks on the browser — is still encrypted. So even though your conversation could be overheard, a would-be hacker would still have to break the bank’s encryption before they could steal your bank account information from the bank website.
But even that isn’t entirely safe because several sites do not do encryption on their site properly.
Also, a hacker could put malware on another website that you visit which would download to your computer and later gathers that information and sends it to them.
What should I do to protect myself from KRACK?
For once, you don’t need to change your passwords! In fact, changing your passwords won’t help.
To get rid of the vulnerability, we’ll have to fix our computers and devices that connect to the Internet by updating them. Security patches for Windows, Mac, iOS and Android are already starting to be released.
We will have to be extra diligent about installing security updates until all of our internet connected devices are fixed. Manufacturers of routers and and other internet connected devices, may have to be pressured to fix the flaw.
Owen Wilson is doing a great job of keeping track of which companies have corrected the issue on their devices. And, of course, if you need help updating your devices, Bold City IT is always here to help.