KRACK is an ominously named crypto attack that exploits a flaw in the process of connecting a device and a Wi-Fi network. By allowing network access without the password, effectively it opens up the possibility of exposing credit card information, passwords, and practically any other data on your device. Here’s how to protect yourself – somewhat.
Using WPA2 security, the standard of protection for the past 13 years, is still the way to go, and setting a strong, secure password is just as important as it ever was. But it’s like a lock on your front door. Locks, according to conventional wisdom, keep out honest people. But a lock that’s strong enough to delay a would-be thief was thought to still be effective.
That was until KRACK (Key Reinstallation Attack) was discovered. It exploits a flaw in the four-way handshake process between a user’s device trying to connect and a Wi-Fi network, allowing an attacker to access a network without the password. It’s an equal-opportunity attack, too. It can affect Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others, but the most current versions of Windows and iOS devices are not as susceptible to attacks because of how Microsoft and Apple implemented WPA2. Linux and Android-based devices are more vulnerable to KRACK.
Fortunately, it’s not a helpless situation. Attacks can only be successful when someone has access to the wireless network you’re on at the time of the attack. That means you need to be especially careful on public networks. You can further help yourself by:
- Making sure you’re up to date with all available security patches
- Using a VPN, which will encrypt your internet traffic
- Visiting only websites that use HTTPS, though it’s not a guarantee you’ll be safe.
We’ll keep you updated on developments against KRACK, and we can help you now by taking a look at your systems and security to make sure you’ve maximized your protection. Call us – 973-433-6676 – or email us for an appointment.
- 14 Nov, 2017
- Norman Rosenthal
- 0 Comments
- Android, Apple, cybercrime, Linix, Microsoft, online safety, OpenBSD, privacy, security, upgrade,