Nick
In Remembrance
Another day, another scary-sounding widespread cybersecurity vulnerability in the news. This time, its about WiFispecifically, the WPA2 encryption protocol that practically everyone uses. As Ars Technica reported, Key Reinstallation Attacksor KRACKlets attackers intercept data between your device and a WiFi router including emails, passwords, personal information and anything else youd transmit over the supposedly secure WPA2 connection.
So, how worried should you be? And what should you do? Heres what we know right now.
private vpn feature
Save
How to Secure Your Devices Against the KRACK WPA2 Vulnerability
First, some good news: unlike WannaCrypt and Petya ransomware attacks, KRACK is only a proof-of-concept attack. There havent been any reported cases of this vulnerability being exploited on a widespread basis. That being said, the vulnerability does exist. Here are some highlights.
KRACK vulnerabilities affect all devices that use WPA2, regardless of the platform. This includes Windows, macOS, tvOS, Android, iOS, and Linux devices. Your computers, tablets, laptops, smartphones, internet-of-things devices, streaming set-top boxes, etc. The vulnerability is focused on the clients and not the routers.
Attackers must be within WiFi range. This is the next best news. This isnt something thats going to infect you over the internet or from a shady email link. An attacker has to be within physical WiFi range to exploit the vulnerability. This means parked outside your house, camped out in your companys server room, or sitting next to you in a coffee shop.
Microsoft has already patched Windows 10. Apples release is coming very soon. Microsofts October 10 Windows 10 cumulative update included a fix for the KRACK vulnerability, but they didnt disclose it at the time. If you stay up to date with your Windows patches, then youre good on that device. Apple has a fix in its beta release of iOS, tvOS, watchOS and macOS. Itll be rolling out super soon, giving us yet another .0.x update since the September release of iOS 11 (is this a world record)?
Linux and Android devices remain vulnerable. Be on the lookout for software updates for your Android and Linux devices and install them as soon as they are available.
What about wireless routers? WPA2 is a protocol between your device and your wireless router. So, the obvious question should be: when are wireless routers going to be fixed? WiFi routersbe it a Netgear, Linksys, Cisco, ASUS, TP-Link or whateverwill need firmware updates to fix this issue. Developers are working on these fixes, but few if any are available right now. You can check for firmware updates on your routers setup page. See our articles on updating ASUS router firmware and Cisco Linksys router firmware for examples.
Changing your WiFi password wont help. Although you may want to change your password once your devices are all patched, doing so now wont protect you. The WPA2 vulnerability that KRACK exploits makes your password irrelevant.
WEP is still worse than WPA2. The vulnerabilities of WEP are widely known and the researchers who found the KRACK vulnerability say you should NOT use WEP instead of WPA2, even in light of KRACK.
Thats about all the information there is now. For the latest and best information, Id check out krackattacks.com which is the official site of the researchers who found KRACK (and got to name it apparentlygood for them!). If you have any news about KRACK or any other vulnerability, be sure to share it with your fellow readers in the comments.
So, how worried should you be? And what should you do? Heres what we know right now.
private vpn feature
Save
How to Secure Your Devices Against the KRACK WPA2 Vulnerability
First, some good news: unlike WannaCrypt and Petya ransomware attacks, KRACK is only a proof-of-concept attack. There havent been any reported cases of this vulnerability being exploited on a widespread basis. That being said, the vulnerability does exist. Here are some highlights.
KRACK vulnerabilities affect all devices that use WPA2, regardless of the platform. This includes Windows, macOS, tvOS, Android, iOS, and Linux devices. Your computers, tablets, laptops, smartphones, internet-of-things devices, streaming set-top boxes, etc. The vulnerability is focused on the clients and not the routers.
Attackers must be within WiFi range. This is the next best news. This isnt something thats going to infect you over the internet or from a shady email link. An attacker has to be within physical WiFi range to exploit the vulnerability. This means parked outside your house, camped out in your companys server room, or sitting next to you in a coffee shop.
Microsoft has already patched Windows 10. Apples release is coming very soon. Microsofts October 10 Windows 10 cumulative update included a fix for the KRACK vulnerability, but they didnt disclose it at the time. If you stay up to date with your Windows patches, then youre good on that device. Apple has a fix in its beta release of iOS, tvOS, watchOS and macOS. Itll be rolling out super soon, giving us yet another .0.x update since the September release of iOS 11 (is this a world record)?
Linux and Android devices remain vulnerable. Be on the lookout for software updates for your Android and Linux devices and install them as soon as they are available.
What about wireless routers? WPA2 is a protocol between your device and your wireless router. So, the obvious question should be: when are wireless routers going to be fixed? WiFi routersbe it a Netgear, Linksys, Cisco, ASUS, TP-Link or whateverwill need firmware updates to fix this issue. Developers are working on these fixes, but few if any are available right now. You can check for firmware updates on your routers setup page. See our articles on updating ASUS router firmware and Cisco Linksys router firmware for examples.
Changing your WiFi password wont help. Although you may want to change your password once your devices are all patched, doing so now wont protect you. The WPA2 vulnerability that KRACK exploits makes your password irrelevant.
WEP is still worse than WPA2. The vulnerabilities of WEP are widely known and the researchers who found the KRACK vulnerability say you should NOT use WEP instead of WPA2, even in light of KRACK.
Thats about all the information there is now. For the latest and best information, Id check out krackattacks.com which is the official site of the researchers who found KRACK (and got to name it apparentlygood for them!). If you have any news about KRACK or any other vulnerability, be sure to share it with your fellow readers in the comments.