Almost everyone who has access to the internet uses a Wi-Fi enabled device connected to a Wi-Fi router or access point. If your Wi-Fi router firmware is not up to date, or you are using the WPA2 security protocol, you may be at risk of attackers accessing your sensitive information.
Most consumer devices supplied by Internet Service Providers come with preconfigured security (WPA or WPA2) for connecting any device to your Wi-Fi.
Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. Researchers have discovered some serious flaws in the WPA2 protocol that allow attackers to intercept encrypted data such as your passwords, emails, etc. In some cases attackers can also inject malware and other malicious content into a website that is being viewed by the client device.
The researchers have called this exploit KRACK, short for Key Reinstallation Attacks. It was discovered by Mathy Vanhoef of imec-DistriNet, KU Leuven, and was publicly disclosed through their website: https://www.krackattacks.com/
Who is vulnerable to this attack?
If you use a Wi-Fi router with the WPA2 security protocol that does not have the necessary security patches, or whose manufacturer has not yet provided any new security patches, then you are vulnerable to such attacks. You are also vulnerable if you use any of the Wi-Fi enabled devices manufactured by Windows, Android, Apple, etc.
Also, if you are using a Wi-Fi router or access point that is end of life, is no longer supported, or requires a manual firmware update (which is the case for most Wi-Fi routers), then there is a chance that you are at high risk.
How do you protect yourself?
The easiest thing is to first check the manufacturer's website. You can then check your model number and firmware version against the latest available firmware for your device and follow the instructions provided by the manufacturer to update the firmware.
I do not have Wi-Fi, but use a wired router, am I affected?
No. This only affects Wi-Fi routers and access points in which WPA2 has been used to secure the network.
I am not sure what to do, is there something I can do to make sure that I am protected?
There is no need to panic, as a remote attack is not possible, at least as of now, until someone does formulate a remote attack based on the newly discovered vulnerability. So, at this point, you should be in preventative maintenance mode. There are a few things you can do if you are not sure about the firmware version, or whether new firmware is available in the wake of this discovery.
1. Use Ethernet to access the internet on your computer
2. Log into your router and do an update anyway
3. If you have devices connected to a Wi-Fi router, such as IP cameras and other critical devices, disconnect them until you verify that your Wi-Fi router or access point is not affected.
If you are interested in how this hack works, check out this video by the researchers who discovered it.
Like with anything on the internet nowadays,
Think Before You Click.
Photo Credit: Copyright: georgejmclittle / 123RF Stock Photo