Earlier this week, a major WiFi vulnerability was found to exist in the WPA2 (WiFi Protected Access 2) encryption protocol. Prior to the discovery of this vulnerability, WPA2 was hailed as the most secure method of protecting your WiFi network. It’s been estimated that WPA2’s Advanced Encryption Standard (AES) would take millions of years for even the most advanced supercomputers to break through its encryption process. Unfortunately, the latest attack does not have to break through any form of encryption. Instead it exploits a serious weakness found in WPA2’s framework.
The KRACK WiFi Vulnerability
A Key Re-installation Attack (KRACK for short) can completely bypass WPA2’s security. The attack works by tricking the WiFi network into believing that the hacker has the correct credentials to access the network. Once inside, the hacker can monitor every piece of information flowing into and out of the WiFi network. All kinds of personal information, such as credit cards, social security numbers, usernames, and passwords are at risk of being stolen. If you believe your information may have been stolen, try running a background check on yourself to determine if someone has been using your information.
Certain operating systems are more susceptible to KRACK (such as Android 6.0 or higher and Linux OS). It’s important to note that all devices operating off of WiFi networks are vulnerable. This includes PCs, laptops, smartphones, and even IoT devices (such as digital home assistants and smart TVs).
How To Protect Your WiFi Network
Mathy Vanhoef, the security researcher who discovered WPA2’s vulnerability to key re-installation based attacks, has published both a research paper as well as a website that goes into further detail on subject. However, if you’re not into the more technical aspects of the attack, and are only concerned with how you can protect yourself from this new threat, we’ve got you covered.
Update All Devices On Your Network
Updating any WiFi connected device is by far the most important thing you can do to protect your network. In this particular case, your number one priority should be updating your router’s firmware. While updating firmware usually requires some additional steps, the process is simple enough that anyone can do it.
Once you’ve updated the firmware on your router, your next priority is the software on the rest of your devices. Most major manufacturers have already developed patches for the KRACK vulnerability. However, there are still some manufacturers who have yet to release an update for their devices. If you’re unsure about whether your device’s manufacturer has already provided a patch for this WiFi vulnerability, take a look at this list.
Use An Alternative Connection To WiFi
What if the majority of your devices have not been properly patched? In that case, the next best thing you can do is disable your router’s WiFi and use an alternative connection. While not every device has a built in ethernet port available, some of the more data sensitive devices, such as PCs and laptops, are sure to have one. Consider utilizing these ethernet connections on your important devices until a proper fix has been publicly released.
In addition to PCs and laptops, smartphones also contain a ton of sensitive information. Unfortunately, many of these devices are at an elevated risk (Android devices in particular). In order to protect your smartphone from this WiFi vulnerability, try using your smartphone’s data instead of connecting to the WiFi, especially if you find yourself in a public place.
If there’s one thing you take away from this article, it’s that you should always keep your devices updated. Most modern devices come standard with some sort of auto-update feature. Enabling this feature can help secure your devices from potential vulnerabilities in the future. For those devices that require manual updates (such as router firmware), remain vigilant and keep a lookout for future updates.
If you found this article helpful, or have any additional tips, please let us know in the comment section below!
Related Article: How To Secure Your Connected Devices And Personal Information
Update (11/8/2017): Google has released a new security patch for Android devices (versions 5.0.2 Lollipop to 8.0 Oreo) that addresses the KRACK WiFi vulnerability. There are multiple patches available for November, however the 2017-11-06 patch is the one to look out.