The internet went into crisis last week when a group of researchers unveiled a hacking system that threatens Wi-Fi access points around the world.
What is KRACK? How much damage can it do to you? To what extent is your Wi-Fi in danger? And most important, what can you do to protect yourself from these types of attack? Read on for answers.
What is the KRACK vulnerability?
Nicknamed KRACK by the cybersecurity researchers who discovered it, the vulnerability opens up a gap in WPA2. This encryption system is the standard security option for most Wi-Fi networks around the world.
This discovery has triggered alarms due to the proliferation of WPA2 around the world and our increased dependency on Wi-Fi. WPA2 replaced the older security protocols for similar reasons.
“In 2001, the WEP security protocol was cracked. It was immediately considered unsafe to use and unable to keep networks safe from malicious eyes,” said Mark James, a security specialist. “And here we are, 16 years later. And it looks like WPA2 will continue down the same path.”
What can and can’t KRACK do?
An attacker using KRACK can intercept some of the traffic that travels between your Wi-Fi access point and the devices connected to it. This means the attacker can steal critical information like your mail, your credit card number, passwords, and phone numbers.
However, if the traffic is encrypted using the HTTPS protocol, the attacker can’t access that information. The attacker also can’t steal your Wi-Fi password, although the password isn’t needed to access non-encrypted data.
With certain tools, the attacker can perform a packet injection, a process that allows them to install malware on all the devices connected to the Wi-Fi network. This is a more complicated effort, however, so there is less chance that it will happen to you.
KRACK has other limitations as well. The attacker must be in the range of the Wi-Fi network, or else be able to take control of a computer within range of the Wi-Fi network, which requires a lot of sophistication on the part of the hacker. It is also possible that companies will release patches that will prevent the possibility of a remote-control attack.
Some have proposed the possibility of using the exploit as a worm, a type of program that tries to infect a computer and quickly spreads to the devices to which it is connected. So far, this possibility is no more than conjecture.
What can you do to protect yourself against KRACK?
1. Getting started: Changing the password does not help you
Remember, the attacker does not need to know your Wi-Fi password to intercept your traffic. The attacker will be able to steal data such as your credit card number and the content of your messages in chats without the password … but they won’t be able to access your actual Wi-Fi without the password.
2. Update, update, update
Manufacturers are releasing updates that patch the KRACK (pun intended). Update all your routers and devices that connect to Wi-Fi, like computers, mobiles, and tablets. You can also enable the auto-update option, so that you don’t have to keep worrying about whether the anti-KRACK update has been installed.
Prioritize updating your router. You can tell if it has been updated by accessing your admin panel. If you have further questions, contact your company to ensure they have already prepared the countermeasure. In case they don’t answer or you do not like the answer, you have two options: get a new router or buy a Wi-Fi access point from a responsible company that has already updated their software. At this link you’ll find a constantly updated list so that you know which companies have updated the firmware.
3. Plan B: Use Ethernet
If your router is not on the list of updated products and you can’t buy a secure access point, consider disconnecting the wireless connection and betting on Ethernet for the short term. This means that you would be stuck using devices that are literally connected to the router via a cable, so it might necessitate buying additional Ethernet cables.
4. The time of the data
Of course, you can’t connect your phones or tablets using an Ethernet cable. So if you really want to feel safe, consider disconnecting the Wi-Fi from your mobile or tablet and using cellular data. It is not an ideal solution, and I only recommend it if you suspect that someone is accessing your data. Android users should be especially careful in this regard, as Android 6.0 devices are more vulnerable than other devices.
5. Install the HTTPS Everywhere extension
Remember that attackers can’t access HTTPS encrypted traffic. That’s why it’s important to use an extension such as HTTPS Everywhere. This way, when browsing with Chrome, Firefox, or Opera, you will automatically visit the HTTPS version of a webpage. The only exception is when the webpage in question does not use HTTPS. You can check to see if a webpage uses HTTPS by looking at the URL: If the start of the URL is http instead of https, it is advisable that you avoid visiting the page because all the information you share will be vulnerable.
6. Avoid public Wi-Fi hotspots
The attacker can only access your Wi-Fi if they are within range, so let’s put ourselves in the mind of a criminal for a moment. Which is easier: to enter the range of a private Wi-Fi network or enter the range of a public Wi-Fi network (like, say, a coffee shop)? Be careful with public Wi-Fi: yes, you save data when you use it, but until there is a more definitive solution to the KRACK problem, trying to save your data might put you in danger.
7. What about the Internet of Things?
IoT devices such as Amazon Echo and Google Home are the most at risk from KRACK. Disconnect devices from your network that have not yet been updated by their companies.
However, be selective. Imagine that an attacker manages to access the traffic between your smart light bulb (yes, these things actually exist) and your router. So what? This information might not put you at risk. Instead, focus on devices like Google Home that are distributors of very private and valuable information about your life and habits.
8. VPN: A good solution, with caveats
Your other option is to use a VPN. On the plus side, with a VPN you protect yourself from KRACK. But on the negative side, you might expose yourself to VPN companies that sell all the information they get from your browsing to third parties. Before using a VPN as a solution, make sure the provider is legit.
Via: Techcrunch, Charged, Cnet, Newsweek, ABC