KRACK attack: All Wi-Fi networks are vulnerable to hacking
A security flaw has been exposed that could be used to hack into any device that uses Wi-Fi. That includes your phone, your PlayStation and your smart fridge. The key re-installation attacks, or KRACKs, were discovered by Belgian researcher Mathy Vanhoef and are so serious the US Department of Homeland Security has issued an official
How does the hack work?
According to Mr. Vanhoef, KRACK is a problem with Wi-Fi itself, not any particular device. That’s what makes it so concerning. If you’re after the technical explanation, the attack manipulates and replays cryptographic handshake messages in the 4-way handshake that is used when you attempt to connect to a protected Wi-Fi network. Put simply, it permits someone to access your device through a password-protected Wi-Fi network.
Should I change my password?
It won’t make any difference. That’s because KRACK doesn’t need your password to get access. Mr. Vanhoef does note that it’s never a bad idea to change your Wi-Fi password anyway. It just won’t protect you from a KRACK attack.
What could be stolen?
A lot. Mr. Vanhoef says he’s used the technique to steal a whole swathe of information that is supposed to be safely encrypted. It includes credit card numbers, passwords, chat messages, emails and photos.
How can I protect myself?
The good news is the flaw looks like it can be fixed with a simple software update in most devices. In fact, Microsoft has already released a patch for Windows that fixes the flaw, and Apple will roll out an update in a few weeks that does the same, according to CNET. So make sure you’re up to date with any patches on your devices that use Wi-Fi (smartphones, PCs etc.) as well as the routers themselves, and check for more updates in the next few weeks.
That’s just the start of our problems though. Here’s Associate Professor Mark Gregory from the School of Engineering at RMIT University: “Realistically what we will see of course is that anywhere between 30-50 per cent of devices won’t be patched,” he said.
You need to be really careful with public Wi-Fi
Professor Gregory says it’s going to be a major area of concern in the months ahead. You probably don’t need to worry too much about a public Wi-Fi connection at your local government-run library or at a major fast food establishment because they’ve got massive IT departments to fix this kind of thing. Your favourite boutique coffee shop though? That’s another story. “The problem is where we have cafes and smaller companies that are offering Wi-Fi it’s likely that the access points won’t be patched and therein lies the problem,” he said.
Patching your own device does not guarantee you’re safe either. “If the actual access point hasn’t been patched, the information you’re sending to that access point can be looked at by people who are connected,” Professor Gregory said.
Has KRACK been used by malicious hackers?
We simply don’t know. Mr. Vanhoef said he let vendors know about the hack after he discovered it in July, but there’s no way to tell if it had been used by people with malicious purposes before then. This can’t be used to hack into your computer remotely though, so we’re not likely to see something on the scale of the WannaCry ransomware attack. The US Department of Homeland Security said someone using this flaw would need to be in range of your Wi-Fi network to exploit it.
Professor Gregory says the Federal Government should step in to ensure companies which make Wi-Fi devices are patching security flaws like KRACKs. “We simply cannot have a major system like Wi-Fi being left vulnerable,” he said. “We’ve got all these government departments that are now linked into a national security hub and we’ve got these newly employed security tsars. It’s time the government put them to work.”