If you keep up with technology news (or even if you don’t), you may have seen headlines recently about a newly discovered security flaw that exposes information you share over any Wi-Fi connection to cyber criminals. Known as KRACK (short for Key Reinstallation AttaCK), this vulnerability in the WPA2 security protocol makes it possible to eavesdrop on data previously thought to be encrypted when you connect to Wi-Fi. Hackers can use this flaw to steal your most sensitive info, including credit card numbers, account passwords and emails.
KRACK works by taking advantage of the so-called four-way handshake—the process between a device and a router intended to deliver a fresh, encrypted session each time you go online. At the third step in this exchange, KRACK can trick your device into reusing what should be one-time encryption settings across multiple transmissions, allowing hackers to intercept these transmissions and decode your information.
Is Your Data Safe?
If your device uses Wi-Fi and a hacker comes within range of it, you could be targeted. Android devices are particularly vulnerable, according to the Belgian researchers who found the flaw. This is a good reason to use your own virtual private network (VPN) on your smartphone or laptop when working from locations with public Wi-Fi networks such as Starbucks or Panera Bread. If you’re tapping into a public hotspot—even one that requires a password—it’s also smart to browse only secure websites with “https” in the URL.
What else can you do to protect your data? Make sure you keep all of your devices updated. Most tech vendors, including Apple, Microsoft and Google, have released fixes, and iOS, Android and Linux devices have all rolled out security updates to prevent attacks. You can check the software updates tab in your settings app to find the most recent versions.
Hackers who launch a KRACK attack against your Wi-Fi security may also be able to sneak code into websites in your browser and infect your computer with malware or ransomware—so keeping your antivirus software up to date is also important.
Protecting Your Home Hub
Work from home and use your own wireless router or gateway? These units must be patched as well to guard against a KRACK attack. Top vendors such as Linksys, Netgear, Cisco and others have released fixes, but most require you to log into your administration page and install these yourself. You can find instructions for updating or upgrading the firmware of your router by Googling the model number of your unit and downloading the user manual.
If you use Comcast or AT&T for wireless service and rent their routers, you’re out of luck. Unfortunately, none of these larger internet providers have immediate plans to release patches or security updates to protect their routers.
Meanwhile, smart devices such as lighting sensors or security cameras are more difficult to secure and patch than PCs and mobile devices, so they may be more accessible to hackers.
Moving forward, the Wi-Fi Alliance will require any new devices it certifies to be tested for this vulnerability, so future products should be secure out of the box. But in the meantime, if you’ve been delaying an iPhone update or depend on your own wireless router or gateway for business, make sure you’re running the most current version.
Need help assessing vulnerabilities in your company’s IT infrastructure and safeguarding your systems against security breaches like a KRACK attack? Let XMI help. We provide remote, continuous monitoring of your technology equipment and software, flagging and fixing potential problems before they jeopardize your network. Contact Bryan Vaden, XMI’s chief technology officer, for guidance on keeping your IT running smoothly and securely.