How to Protect Yourself From the KRACK Attack

Last week, news about a Key Reinstallation Attack (KRACK) went public. There is a security flaw in Wi-Fi Protected Access II (WPA2), a protocol that secures all modern protected Wi-Fi networks. An adversary can break the encryption between a router and a device. Then, they can steal sensitive information, like credit card numbers, emails and passwords.

KRACK is one of the worst cybersecurity incidents of all time. Companies are racing to fix the problem as soon as possible. Below, you can learn whether your information is compromised, find out more about the attack and see how you can protect yourself moving forward.



Are You Impacted?

Do you use a desktop, laptop, smartphone, tablet, e-reader or any other device that uses Wi-Fi? If so, your information may be compromised. 60 percent of the world’s Wi-Fi networks use WPA2, the security protocol with the vulnerability.



If you use one or more devices with Wi-Fi capabilities, you should consider yourself at risk. What makes KRACK so concerning is that it isn’t a simple issue. There’s a problem with a widely used protocol.

Protecting Yourself

Although the scope of the attack is very large, the fix is pretty simple. You need to update your devices. Software manufacturers were made aware of the issue months before the public. They’ve been working on fixes since they were notified, and most of them have been completed. For example, Apple’s fix is included in their latest update.

You may want to reach out to your vendor directly to understand when they will fix the issue. It’s also important to keep in mind that both your devices and your routers need to be updated. Although experts suggest protecting your personal devices first, you will also want to ensure that your router is updated.

Routers have something named firmware that needs to be updated from time to time. Firmware is essentially the operating system that’s designed for your router. Every so often, your router’s manufacturer will provide firmware updates on their website. Manufacturers are currently releasing firmware updates that fix the Wi-Fi vulnerability. New updates may also upgrade features and provide entirely new security mechanisms that weren’t in place before. Updating your router can increase its overall performance, too.

Every router is different, but many users take advantage of the same process to upgrade their router’s firmware. To learn more about the basic steps of this process and how you can update your router, reach out to HelpCloud, a technical computer support, repair and optimization company.

Another way to protect yourself is with a virtual private network (VPN). A reputable VPN will help keep you safe from a potential KRACK attack. It will also protect you when you use public Wi-Fi. These fast and convenient systems work on computers as well as phones.

Choosing a VPN is a somewhat complicated process. Since the VPN encrypts your personal data, a VPN provider technically has access to all of your browsing activity. Selecting a trustworthy and established company is very important when it comes to choosing a VPN. First, you’ll want to pay for your VPN. Paid services are generally more trustworthy. Free VPN services are more likely to steal your personal information and sell it to third parties.

Talk to a variety of vendors and see which ones offer paid, auto-connecting VPNs. It’s easy to forget to turn on your VPN. Most users benefit from a system that automatically turns on when they join a public network.

A Simplified Explanation

The easiest way to understand the WPA2 vulnerability is to put yourself in the shoes of a hacker. If you were a hacker, you’d start by identifying a network that has the WPA2 vulnerability. Remember, this is about 60 percent of networks. You might find that many of the coffee shops down the road from your house are possible targets.

Next, you’d wait for someone to connect to one of these Wi-Fi networks. As soon as the person connects, you can interfere with their device and the Wi-Fi router. From here, you can monitor their computer and more. You can access their browsing data to steal information, like their bank account number, or you might even decide to steal their photos.

You could do more damage than simply accessing their computer while they’re connected to the internet. Theoretically, you could infect them with ransomware or malware. Ransomware locks parts of a computer until a ransom is paid. Malware is invasive, hostile software that is used with malicious intent, like stealing personal information.



On a bigger scale, you could harm more than individual coffee shop visitors. Many large businesses are vulnerable, so you could attack a company’s entire network. With the right know-how, you could access untold amounts of records and sensitive information.

The Discovery

Mathy Vanhoef, a scholar at Belgium’s KU Leuven University, discovered the vulnerability. As a proof of concept, Vanhoef ran an attack against an Android smartphone. In the demonstration, the attacker had access to all of the information the victim transmitted. The attack was easy to accomplish, as Linux and Android systems are specifically vulnerable.

In a KRACK attack, the criminal takes advantage of something called a four-way handshake. This process is executed when someone joins a protected Wi-Fi network. The first part of the handshake is executed when a user logs onto a network. When you enter a password to sign onto Wi-Fi, you start the handshake. As you do this, the second part of the handshake unfolds; an encryption key is created to protect all subsequent traffic.



An attacker could then use KRACK and trick the user into reinstalling an already-in-use key. The user might reinstall the key without even knowing that they’ve done anything wrong. When the reinstalled key is in place, the attacker can take advantage of the information afforded from the victim’s traffic.
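Why reinstalling a key that is already in use matters, shown as an added example that is not part of the original article: installing a key restarts the packet counter, so the same keystream protects two different frames, and a patched client avoids this by ignoring a repeat install. The `Client` class, the SHA-256 based toy keystream and all sample values are assumptions made for illustration; real Wi-Fi encryption is more involved.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Toy keystream generator (assumption): stands in for the real Wi-Fi
    # cipher, which likewise derives keystream from (key, packet counter).
    return hashlib.sha256(key + nonce.to_bytes(8, "big")).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical model of a Wi-Fi client's key handling."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.nonce = 0
        self.used = []  # every (key, nonce) pair used to encrypt a frame

    def install_key(self, key: bytes) -> None:
        # Runs each time the handshake message that installs the key arrives.
        if self.patched and key == self.key:
            return  # patched: key already in use, keep counting
        self.key = key
        self.nonce = 0  # installing a key restarts the packet counter

    def send(self, plaintext: bytes) -> bytes:
        self.nonce += 1
        self.used.append((self.key, self.nonce))
        return xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def simulate(patched: bool):
    """Return (nonce_reused, plaintext_relation_leaked) for one session."""
    p1, p2 = b"constructed msg1", b"constructed msg2"  # constructed sample data
    key = b"constructed-session-key"
    client = Client(patched)
    client.install_key(key)
    c1 = client.send(p1)
    client.install_key(key)  # the same handshake message delivered again
    c2 = client.send(p2)
    reused = len(set(client.used)) != len(client.used)
    # With a repeated keystream, c1 XOR c2 equals p1 XOR p2: the key cancels out.
    leaked = xor(c1, c2) == xor(p1, p2)
    return reused, leaked

if __name__ == "__main__":
    print("unpatched:", simulate(False))
    print("patched:  ", simulate(True))
```

The unpatched run reuses a (key, counter) pair and exposes the relationship between the two messages; the patched run does neither, which is what the device updates described above accomplish.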

Silver Lining

The KRACK attack is very serious, but there is some good news: it’s not very scalable. Remote attacks aren’t possible with the current vulnerability. A hacker has to directly connect with a Wi-Fi access point to take advantage of the vulnerability. In other words, they need to be within physical proximity to a device to take advantage of its information.

Even though the potential for remote attacks is unlikely, people should still take this very seriously. This is a huge threat to the security community. Instead of being an issue with a single vendor, the flaw is in the protocol used by essentially all modern Wi-Fi networks.

Future Protection

In light of the KRACK finding, every user should update their devices. Once a patch is in place, you can let out a sigh of relief. Protecting yourself against a KRACK attack is the first step. The next step is to implement sound Wi-Fi browsing safety behaviors.

Start with good internet hygiene. This simply means that you avoid transmitting sensitive data when you’re on unsecured, public Wi-Fi. Even if you enter a password to get onto the Wi-Fi network, you are still at risk. Try not to do online banking or enter any sensitive data into your browser windows when you’re connected to a public signal.

It’s also important to control your computer’s sharing options when you’re connected to a public internet connection. Most modern devices have file sharing options. These are really helpful when you’re on a trusted network with other trusted devices. However, they can be detrimental when accessed on the wrong network by the wrong people.

To protect yourself, turn off file sharing when you’re in public spaces. Use your system’s firewalls to keep yourself safe. To learn more about this process and how you can automate it, speak with a representative from HelpCloud.

Another security measure is to turn off Wi-Fi when it’s not in use. This is an extra step, but it’s a security habit that may save your personal information. If you have a PC or Mac computer, you can program it to automatically turn off Wi-Fi after you’ve been offline for a given time.

Lastly, it’s important to use up-to-date antivirus and anti-malware software. Although these systems are not immune from security flaws, they are still a useful part of an online security protection arsenal.

Bigger, Stronger and Scarier Attacks

By 2021, cybercrime might cost $6 trillion annually. Cybertheft is the fastest growing crime in the United States, with more than 2 billion personal records stolen in 2016. Unfortunately, as long as you use the internet, you will be vulnerable. This isn’t necessarily as scary as it sounds, though.

With the right knowledge, you can mitigate online risk. By staying up-to-date with current industry news and constantly increasing your understanding of cybercrime, you can protect yourself from a lot of potential hacks. Increasing your understanding of this space might not always seem exciting, but it’s an essential component of online literacy. To take advantage of all that the internet has to offer, you need to learn how to safeguard yourself effectively.

Luckily, there are many services and systems that are designed to take care of this process for you, so you can safely take advantage of the internet’s offerings.

Erik Fullmer

Director of Marketing

Erik was raised in many places in a military family but has long since called Utah home. He spends free time in his garden, in the mountains with his dog, and skis…a lot. He is actively earning the necessary certifications and training to become a certified winter mountain guide.

Erik graduated from Utah Valley University in 2011 with a bachelor’s degree in Behavioral Science and a minor in Spanish. Additionally, being raised by a German mother, he spent a part of his childhood and also the beginning of his professional career in Germany where he worked as a Digital Strategist for adesta, a locally owned business in Darmstadt. Speaking three languages has opened up the world to him and influences the breadth of topics covered in his articles. He has always held an affinity for the world wide web and its workings, development, history and future.

Being a key player in the development of, and Director of Marketing for HelpCloud, he takes the content displayed and utilized on HelpCloud extremely seriously.
