KRACK WiFi attack - What to learn
The KRACK cyber-attack reared its head one month ago, and since then every big name in tech has been working around the clock to release patches and software to fight against it. In case you haven’t heard of it, or are confused about what it is and how to protect yourself against it, here is a breakdown:
What is it?
- KRACK stands for Key Reinstallation Attack and is a cyber-attack which accesses data through a WiFi connection.
- It works by bypassing WPA2 (a protocol that encrypts sensitive data) by sabotaging the 4-way ‘handshake’ that takes place when your device joins a WPA2-protected network. The third step of this handshake is when an encryption key is sent. This step can be targeted to access information because the hackers can make your device send this key several times without your knowledge, which overrides the encryption.
Who is vulnerable?
- Any device that uses WiFi is vulnerable; hackers can access any credit card numbers, passwords, chat messages, e-mails, or photos that are sent using WiFi.
- Researchers have also found that Linux and Android users are the most vulnerable to attack, since both have an existing vulnerability in the code that compounds the issue. However, patches are becoming readily available for both.
- Outdated technology without the latest patches or updates is very vulnerable as it will not have the protection that companies are now adding to secure you against this attack.
How can you protect yourself?
- The most effective and important step is to update all your devices whenever an update is available. This is good general practice anyway, as every update contains all sorts of important protection against cyber-attack. CNET has been keeping on top of the latest updates to protect against this attack, so click here to see what is available to you, and to check that you are running the latest update.
- Until you have updated your devices and secured yourself against these attacks, it is a good idea to turn off your WiFi and connect via an Ethernet cable when possible.
- Moreover, you should stay away from public network connections and, if you really must use one, only connect to secure ones. You will be able to tell these apart as secure connections require a password.
- However, even with password-protected connections, it is best to stick to websites that use HTTPS encryption, as these remain secure even when the WiFi security is at risk. The URLs of encrypted and protected website addresses will start with “HTTPS”, and unsecured websites with “HTTP”.
- Using a VPN is good security practice regardless of cyber threat. It is an essential step for businesses to make sure their browsing activity is secure, as well as being a way to access their business network and data from anywhere.
Although you can protect yourself from this particular attack now because the patches and updates have been released, a breach like this is a painful reminder of the importance of keeping on top of your updates for all devices, even those that do not use WiFi. Do you regularly check for updates on all of your devices? It can seem like a pain and an inconvenience, so let us take away the concern for you. Talk to us about any concerns you have about cyber-attacks and let us show you how we could be of help. Our fully managed IT support package includes a layer of web security, meaning that we take care of all this sort of thing for you so you don't have to worry about becoming vulnerable.