KRACK Wi-Fi Attack Threat: All You Need to Know, How to Fix It And More

India.com Business Desk
1 / 1

Improve Wi-Fi Signals Using a Foil: Study

The reflector was made of plastic that was covered with a layer of metal and the testing was done by placing it around or beside many routers.

Mumbai, October 17: An attack, termed as the KRACK (Key Reinstallation Attack) has emerged from weaknesses that have been discovered in a protocol that Wi-Fi uses. The Krack vulnerability, which was identified by a security researcher overseas affects almost all devices including computers, mobile phones, routers and smart TV.  The researcher named Mathy Vanhoef discovered serious vulnerabilities in WPA2, a protocol that secures all modern protected Wi-Fi networks. He published details of a new attack against Wi-Fi encryption, termed Krack and advised users against switching to the insecure WEP protocol on their router until their devices are patched.

KRACK allows the attacker to decrypt and read data that was meant to stay encrypted. Major companies are still scrambling to deploy patches before an exploit code becomes available. KRACK is an unusual bug which is hard to exploit and hard to fix. This means all devices that use Wi-Fi networks need updating to protect against attack.

After KRACK- serious Wi-Fi vulnerability was revealed today, reports state that Microsoft’s recent security update means only Vista and XP remain vulnerable while Google is releasing a fix for Android on 6 November. Meanwhile, a patch is coming for recent Apple devices in the next few weeks while Linox patches already out or coming soon. (ALSO READ: WannaCry Hero Marcus Hutchins Arrested By US Authorities For Creating Malware Against Banks)

What is a Krack attack?

  • Krack affects almost all devices including computers, mobile phones, routers and smart TV that are connected to Wi-Fi. The vulnerability may also attack any ‘smart’ devices, such as whiteware, appliances, webcams, TVs, and baby monitors.
  • Krack essentially is a weakness in the WPA2 system. The WPA2 system is a system which secures the Wi-Fi connection between a router and a computer.
  • When that system breaks down, it could let an attacker get in between you and your router. The hackers can unencrypted (non-HTTPS) traffic or compromise your computer by slipping malware into legitimate websites.
  • The hacker would have to be within Wi-Fi range to carry out any of those exploits. This reduces the risk that an average person will be targeted. It gives attackers the ability to inject viruses or ransonware into the website that is being visited.

How to fix it:

The easiest way to protect your devices is to update them as soon as the manufacturer is ready with the patch. The easiest thing would be to simply use a wired ethernet connection or stick to your cellular connection on a phone. Reports state that Microsoft already released a software update on October 10 for supported versions of Windows, fixing the vulnerability before it affected anyone. (ALSO READ: NSE issues alert on Locky Ransomware)

The United States Computer Emergency Readiness Team also issued this warning as part of its KRACK security advisory. However, most vendors are still putting together patches for the bug. So, if anyone is trying to update immediately, it may not work. The most important devices to patch are the ones you use most often like your computer, laptop and your smartphone that are usually connected to Wi-Fi. Apart from thee daily gadgets of use, it is important to patch every device that is Wi-Fi-enabled and update them as soon as possible. It has to be noted that newer phones running Android 6.0 or later are more at risk since there is an existing vulnerability in the code that compounds the issue and makes it easier to “intercept and manipulate traffic.” Apple said in a statement that all current iOS, macOS, watchOS, and tvOS betas include a fix for KRACK.