Getting KRACKed: Use WiFi? Drop everything and read this now.

krack logo
“Welcome to my nightmare…” – via krackattacks.com

Whatever you do, don’t use WiFi for a bit.  A new revelation in computer security has shown that WiFi, no matter what device, is insecure and can be hacked: “if your device supports Wi-Fi, it is most likely affected.” Enter key reinstallation attacks, called KRACK.

internet of things
Is your home “smart?” Chances are it’s even more vulnerable than your phone and laptop – via sketchbubble

The exploit, known as KRACK, breaks security in the previously-thought-safe WPA2 security standard.  While the exploit cannot reveal network passwords, it doesn’t need to: KRACK attacks bypass passwords entirely and directly snoop on users.

What does this mean?  Any traffic between your device and a WiFi router can potentially be hijacked and used to inject malware, read credit card information, and more.

Update: who’s still affected

I found a website that keeps track of which companies have patched the vulnerability.  You can check it out here.  iOS, Android, and macOS are the most vulnerable right now.  Internet-of-things devices like WiFi-enabled lightbulbs (why?) probably just won’t get patched.  There is good news there, though: it doesn’t seem very likely you’d be sending sensitive data via lightbulb anyway!

“You’re my only hope”

There are still ways to protect yourself!  Any application that connects to the internet should not be trusted until your device receives security updates.  The one exception to this might be your web browser: some add-ons allow you to force a second layer of encryption onto your browser traffic.  One of them is called HTTPS Everywhere, and you can download it here for Chrome, Firefox, or Opera.  If you are able to download Firefox for Android, you can also install it on your phone.  While HTTPS Everywhere can’t protect everything, and HTTPS itself has known vulnerabilities detailed on the KRACK page, it does add a layer of protection.

In the meantime, keep your phone on data and your computer attached to an Ethernet cord!  Device vendors have already been notified of the exploits, and have been working on fixes since July.  Because vendors have been working on fixes, I cannot stress enough how important it is to install security updates.  OpenBSD, an open-source operating system, was the first to patch the vulnerability.

If you want to know more, you can visit the website that details how KRACK attacks work here.  It has a Q+A section at the bottom that gives more details.

Author: James Ozment

I'm a Birmingham native who loves music, cycling, reading, and tech. Find me on the campus of Birmingham-Southern College, in Avondale, or hanging out with my cat