In October 2017, a flaw in the WPA security protocol allowed attackers to hijack and eavesdrop on data sent when you connected to Wi-Fi. KRACK affected all modern protected Wi-Fi networks, which means that if your device uses Wi-Fi, it might have affected you. Fortunately, it looks like the main technology companies are on it and have by now created security patches.
What is KRACK?
KRACK, the quickly adopted acronym for “Key Reinstallation Attack”, targets step 3 of the 4-step authentication “handshake” that takes place when your device attempts to connect to the Wi-Fi network. During step 3, the encryption key is sent multiple times, and attackers have found a way of hijacking and replaying those transmissions, putting the Wi-Fi encryption at risk of being broken.
Ultimately, when the security is broken, attackers can steal credit card numbers and passwords, and read chat messages, emails and so on.
It could go even further and result in HTTP content injection, meaning the attacker could put ransomware or malware code onto websites, causing more havoc.
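As an added illustration (not part of the original article), this Python sketch models the step 3 replay described above: a client that reinstalls the key when step 3 arrives again restarts its per-packet counter (nonce) and encrypts two frames with the same key and nonce, while a patched client ignores the repeat. The `Client` class, the SHA-256 keystream standing in for the real Wi-Fi cipher, and the sample key and frames are assumptions made for the example.

```python
import hashlib

def keystream_xor(key: bytes, nonce: int, data: bytes) -> bytes:
    # Stand-in for the real Wi-Fi cipher: keystream derived from (key, nonce).
    stream = hashlib.sha256(key + nonce.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class Client:
    """Toy Wi-Fi client (hypothetical); `patched` selects the fixed behaviour."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.nonce = 0

    def on_message3(self, key: bytes) -> None:
        # Patched: a repeated step 3 carrying the key already in use must not
        # reinstall it, so the nonce counter keeps counting upwards.
        if self.patched and key == self.key:
            return
        self.key = key
        self.nonce = 0  # (re)installing a key resets the per-packet nonce

    def send(self, plaintext: bytes):
        self.nonce += 1
        return self.nonce, keystream_xor(self.key, self.nonce, plaintext)

def run_handshake_with_replay(patched: bool):
    """Return the (nonce, ciphertext) frames sent around a repeated step 3."""
    key = b"constructed-session-key"          # constructed sample value
    client = Client(patched)
    client.on_message3(key)                   # step 3 arrives
    first = client.send(b"frame one: hello")  # constructed sample frame
    client.on_message3(key)                   # the same step 3 arrives again
    second = client.send(b"frame two: world")
    return [first, second]

def reused_nonces(frames):
    """Detection check: nonces that appear more than once under one key."""
    seen, dupes = set(), set()
    for nonce, _ in frames:
        (dupes if nonce in seen else seen).add(nonce)
    return sorted(dupes)

if __name__ == "__main__":
    for patched in (False, True):
        frames = run_handshake_with_replay(patched)
        print("patched" if patched else "unpatched",
              [n for n, _ in frames], "reused:", reused_nonces(frames))
```

When a nonce repeats under the same key, both frames are encrypted with an identical keystream, which is why the security patches stop the key from being reinstalled.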
Basic Wi-Fi security measures
- Make sure your computer or device has the most recent security updates. For example, up-to-date Windows PCs will have the relevant KRACK security patch included. You can check for the correct security patch here
- If your device’s updates aren’t ready, try to use either a wired Ethernet connection or 4G on your phone.
- If you are out and about and have to use a public Wi-Fi hotspot, only visit websites displaying HTTPS, thus ensuring encryption. Note that these websites will still be secure even if the Wi-Fi connection has had a security breach.
- You could also use a VPN connection (virtual private network), which will hide all your network traffic. Do pick a trustworthy one though, as you don’t want to be at some random dodgy VPN connection’s mercy.
- It isn’t necessary to change your Wi-Fi password, as the KRACK attack involves setting up rogue networks in the same range as the real one so that devices connect to the new one instead.
- As always, do keep your anti-virus software up-to-date.
How North London IT Support can help
We find the advice given on NCSC’s website pretty useful. However, if you are still concerned about your Wi-Fi connection, get in touch with us on 0800 756 1400 and we’ll do what we can to help.