Krack Attack: Recent Wi-Fi Vulnerability Explained

Wi-Fi connections of businesses and homes around the world are at risk according to researchers who have revealed a major flaw known as “Krack”.

Krack stands for Key Reinstallation Attacks, which essentially give cybercriminals a newfound ability to exploit WPA2, a commonly used protocol that encrypts activity across modern protected Wi-Fi networks. The weakness is in the four-way handshake, a process between a device and the Wi-Fi network that is designed to deliver a fresh, encrypted session each time you get online. During the third step in the process, hackers can resend a key in a way that resets the encryption key to zero.
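One way a defender could spot the replay of the third handshake message described above in a packet capture, as an added example that is not part of the original article. The function names, MAC address and frames are constructed for illustration, and a repeated message 3 can also be a benign retransmission, so a hit is an indicator to investigate rather than proof.

```python
import struct

# Key Information flag bits in an EAPOL-Key frame (IEEE 802.11i / WPA2).
INSTALL, ACK, MIC, SECURE = 1 << 6, 1 << 7, 1 << 8, 1 << 9

def parse_eapol_key(frame: bytes):
    """Return (handshake message number, replay counter, nonce)."""
    if len(frame) < 99 or frame[1] != 3:      # 802.1X packet type 3 = EAPOL-Key
        raise ValueError("not a complete EAPOL-Key frame")
    info, _keylen, replay = struct.unpack_from("!HHQ", frame, 5)
    nonce = frame[17:49]
    if info & ACK:                            # sent by the access point
        msg = 3 if info & MIC and info & INSTALL else 1
    else:                                     # sent by the client
        msg = 4 if info & SECURE else 2
    return msg, replay, nonce

def find_msg3_replays(capture):
    """capture: iterable of (client_mac, frame). Returns (client, replay counter)
    for each message 3 seen after that client already sent message 4."""
    done, anonce, alerts = set(), {}, []
    for client, frame in capture:
        msg, replay, nonce = parse_eapol_key(frame)
        if msg == 1:                          # new handshake: reset state
            done.discard(client)
            anonce[client] = nonce
        elif msg == 4:
            done.add(client)
        elif msg == 3 and client in done and anonce.get(client) == nonce:
            alerts.append((client, replay))
    return alerts

def build(info, replay, nonce=bytes(32)):
    """Constructed sample frame: 802.1X header + 95-byte key descriptor."""
    body = struct.pack("!BHHQ", 2, info, 16, replay) + nonce + bytes(50)
    return struct.pack("!BBH", 2, 3, len(body)) + body

AN = bytes([0xA1]) * 32                       # constructed ANonce
CLIENT = "02:00:00:00:00:01"                  # constructed client MAC
SAMPLE = [
    (CLIENT, build(0x008A, 1, AN)),           # message 1
    (CLIENT, build(0x010A, 1)),               # message 2
    (CLIENT, build(0x13CA, 2, AN)),           # message 3
    (CLIENT, build(0x030A, 2)),               # message 4
    (CLIENT, build(0x13CA, 3, AN)),           # message 3 again, after message 4
]

if __name__ == "__main__":
    print(find_msg3_replays(SAMPLE))
```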

So while the data stored on your phone is safe from hacking, with an unencrypted session hackers can pry into whatever you and your devices are doing. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

As scary as this flaw sounds, there are several mitigating factors at work here. As of now, a Krack attack cannot be conducted remotely, which greatly reduces the chances of a massive breach. Cybercriminals must be within close physical proximity to the Wi-Fi network to carry out an attack, which lessens the risk of your home or small business being a target.

Most importantly, much of the sensitive communications we exchange today, like online banking, are conducted using sites with Secure Sockets Layer (SSL) encryption (i.e., websites that begin with HTTPS), providing an additional layer of protection on top of the encryption added by WPA2. These websites were not affected by Krack.

Additionally, large manufacturers and vendors were notified about Krack well in advance of the public announcement. As such, Apple, Microsoft and Cisco, among many others, already have (or soon will have) security patches available well before hackers could plan an attack.

While there are no known exploits from Krack to date, as with any newly discovered vulnerability, it is only a matter of time before hackers find ways to use this flaw to their advantage. Given the wide range of routers and other devices connected today, it's almost guaranteed that patches won't make it to everyone.

Public Wi-Fi networks such as those in shopping centers, airports, hotels, public transportation and coffee shops have always been a prime hunting ground for anyone trying to intercept personal information, and the Krack flaw adds another tool to their arsenal to target anyone not using smart computing practices.

The bottom line is that your devices and your routers must be patched. The best way to stay protected from a Krack attack is to make sure you're current with the latest software updates on all of your devices and continue to use smart computing practices, especially on public connections, now and in the future.

© 2020 IT Solutions Consulting, Inc. All rights reserved.