KRACK Attack WiFi Vulnerability: What You Need to Know

Flooring Forum - DIY & Professional

Help Support Flooring Forum - DIY & Professional:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.

Nick

In Remembrance
Joined
Jan 31, 2010
Messages
10,909
Location
, New Jersey
Another day, another scary-sounding widespread cybersecurity vulnerability in the news. This time, it’s about WiFi—specifically, the WPA2 encryption protocol that practically everyone uses. As Ars Technica reported, Key Reinstallation Attacks—or KRACK—lets attackers intercept data between your device and a WiFi router including emails, passwords, personal information and anything else you’d transmit over the supposedly secure WPA2 connection.

So, how worried should you be? And what should you do? Here’s what we know right now.

private vpn feature
Save
How to Secure Your Devices Against the KRACK WPA2 Vulnerability

First, some good news: unlike WannaCrypt and Petya ransomware attacks, KRACK is only a proof-of-concept attack. There haven’t been any reported cases of this vulnerability being exploited on a widespread basis. That being said, the vulnerability does exist. Here are some highlights.

KRACK vulnerabilities affect all devices that use WPA2, regardless of the platform. This includes Windows, macOS, tvOS, Android, iOS, and Linux devices. Your computers, tablets, laptops, smartphones, internet-of-things devices, streaming set-top boxes, etc. The vulnerability is focused on the clients and not the routers.
Attackers must be within WiFi range. This is the next best news. This isn’t something that’s going to infect you over the internet or from a shady email link. An attacker has to be within physical WiFi range to exploit the vulnerability. This means parked outside your house, camped out in your company’s server room, or sitting next to you in a coffee shop.
Microsoft has already patched Windows 10. Apple’s release is coming very soon. Microsoft’s October 10 Windows 10 cumulative update included a fix for the KRACK vulnerability, but they didn’t disclose it at the time. If you stay up to date with your Windows patches, then you’re good on that device. Apple has a fix in its beta release of iOS, tvOS, watchOS and macOS. It’ll be rolling out super soon, giving us yet another .0.x update since the September release of iOS 11 (is this a world record)?
Linux and Android devices remain vulnerable. Be on the lookout for software updates for your Android and Linux devices and install them as soon as they are available.
What about wireless routers? WPA2 is a protocol between your device and your wireless router. So, the obvious question should be: when are wireless routers going to be fixed? WiFi routers—be it a Netgear, Linksys, Cisco, ASUS, TP-Link or whatever—will need firmware updates to fix this issue. Developers are working on these fixes, but few if any are available right now. You can check for firmware updates on your router’s setup page. See our articles on updating ASUS router firmware and Cisco Linksys router firmware for examples.
Changing your WiFi password won’t help. Although you may want to change your password once your devices are all patched, doing so now won’t protect you. The WPA2 vulnerability that KRACK exploits makes your password irrelevant.
WEP is still worse than WPA2. The vulnerabilities of WEP are widely known and the researchers who found the KRACK vulnerability say you should NOT use WEP instead of WPA2, even in light of KRACK.

That’s about all the information there is now. For the latest and best information, I’d check out krackattacks.com which is the official site of the researchers who found KRACK (and got to name it apparently—good for them!). If you have any news about KRACK or any other vulnerability, be sure to share it with your fellow readers in the comments.
 
I'm getting sick of the words "Microsoft" and "patches" when mentioned in the same sentence. Does Apple issue hourly patches and updates?
 
Hackers , for some reason don''t seem to go after Apple that often. MS is their target ..

Apple’s release is coming very soon.
 

Latest posts

Back
Top