Vulnerability Explained Simply
Recently, the whole world was rocked by the news that a particular vulnerability in a widely used WiFi protocol lets attackers eavesdrop on devices and wireless access points. The Key Reinstallation Attack (KRACK) is a serious security weakness, and since almost everyone and his mother uses WiFi, what this means is that we’re all potentially screwed.
So how exactly can attackers capitalize on this vulnerability, what can they do to you, and how should you protect yourself? Here’s what you need to know:
WHO IS AFFECTED?
It’s safe to assume that almost anyone who uses WiFi is vulnerable. WPA2 is the current standard and that means every device — every computer, tablet, and phone — is in question. This is why KRACK is scary. It’s not just because of what it can do, but because almost everyone is exposed.
HOW ATTACKERS EXPLOIT THE VULNERABILITY
A hacker would need two things: a network that uses WPA2-PSK (Wi-Fi Protected Access 2 - Pre-Shared Key) and an individual who would connect to it. And since WPA2-PSK is the most secure among the usual WiFi protocols (WEP, WPA, and WPA2), this could happen anywhere – in coffee shops, at the airport, in schools, and even in your home.
While the user is connecting to the WiFi hotspot, their device is doing a four-way handshake – a process that verifies whether the password being used is correct. This is where the interference happens. By interfering with this handshake, the hacker gains the ability to manipulate the traffic on the network and do some very bad things.
WHAT’S THE DANGER?
Because the hacker is able to intercept the traffic in the network, he can modify or outright falsify data, thereby making everything on non-secure websites suspect. In theory, the hacker could also covertly insert malware/ransomware on usually safe sites, which nullifies the basic security practices that we’ve all learned to follow such as staying away from shady websites or downloading dubious attachments. Even worse, the KRACK vulnerability also applies to WPA-Enterprise (usually used by large businesses). So if there are no additional security layers (passwords/encryption, etc.), the hacker can access servers and steal data/records.
HOW DO WE STOP IT?
Fortunately, addressing the issue is fairly straightforward: just patch your device. Some big name manufacturers have already released patches that address the issue. Install the latest security update from your manufacturer and this should plug the leak.
Of course, this doesn’t mean that all is well. People can be their own worst enemies. My wife, for example, absolutely abhors it when I update our devices – she claims (I kid you not) that her tablet just gets slower and that I mess things up when I update. Some people don’t know how to update their devices. Some just don’t care. If you’re feeling bold, better be a hero and just do everyone a favor by updating all the devices in your house (even if your family doesn’t thank you for it).
Also, other manufacturers could be a bit slow in releasing the appropriate patch. Android users, for example, have a hard time since there are so many manufacturers and software updates are few and far between. iOS 11.1 already fixed the issue; Android is supposed to have the fix rolled out first on Pixel/Nexus, so if your device isn’t from Google, it may take a bit longer.
Last, other devices might not get the appropriate updates at all. I can’t even remember when the last time my Samsung 4K TV had an update was. If you have a smart refrigerator or other connected household devices, we might be all out of luck. This, more than anything else, might make cleaning up the KRACK vulnerability take years.
SHOULD YOU STOP USING WPA2?
No. WPA2’s protection and encryption still make it the protocol of choice for WiFi networks. Just update your devices (and router, if possible) immediately. If you can also avoid using WiFi when there are strangers around (the attacker needs to be in proximity), do so.
The KRACK vulnerability teaches us that just because you’re using what’s currently the most secure option doesn’t automatically mean that you’re set. Additional security measures should always be observed: make sure your devices are updated, only share sensitive information with secure sites, and for big institutions, your networks should always have multiple layers of protection.