The National Cyber Security Awareness Month began with a discovery of another vulnerability in our information technology ecosystem. The standard security protocol for Wi-Fi networks, known as WPA2, has a security flaw that has left almost all individual and business networks across the world vulnerable to hackers. Apart from the scale of the threat, what makes KRACK unique is that it renders encrypted data vulnerable. Attackers within your Wi-Fi range can steal your passwords, photos, credit card details and so on. They can also potentially transfer malware or ransomware through this route in certain cases.
Some commentators are calling this the Armageddon of cybersecurity. Technology giants such as Microsoft, Google, Apple, Samsung and Cisco, to name a few, are competing to implement patches to protect their devices from the KRACK attack. Worst of all, it doesn’t take a genius to perform this hack; it’s shockingly easy to learn and yet difficult to prevent.
Since this is a fairly new form of cyber-attack, here’s what you need to know to prevent it from affecting you.
Recognizing the Danger of a KRACK Attack
KRACK stands for Key Reinstallation Attack. The ‘key’ being referred to here is a Wi-Fi access step that is highly vulnerable to hackers who use this hacking technique. When you log on to a Wi-Fi network, your device goes through four steps during the process. The third step is the part where access is granted, and it’s here where attackers hook into your connection.
This is a flaw in the way Wi-Fi is designed. Leaving this third step open to a hack means that the way Wi-Fi processes a connection now needs to be patched to mitigate the vulnerability.
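A minimal model of what a repeated step three does and what a patch changes, added here as an illustration and not taken from the Wi-Fi standard or any vendor's code. It relies on the fact that reinstalling a key restarts the packet counter used for encryption; the `Client` class, the SHA-256 toy keystream (a stand-in for WPA2's real cipher) and the sample key and messages are all constructed for this example.

```python
import hashlib

def keystream(key, nonce, length):
    """Toy keystream: SHA-256(key || nonce || block). A stand-in, not WPA2's cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical client model: only key installation and the packet counter."""
    def __init__(self, patched):
        self.patched = patched
        self.key = None
        self.nonce = 0

    def on_message3(self, key):
        # Step three of the handshake: the client installs the session key.
        if self.patched and key == self.key:
            return                # patched: key already installed, keep the counter
        self.key = key
        self.nonce = 0            # unpatched: a repeated step three restarts the counter

    def send(self, plaintext):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def replay_scenario(patched):
    """Send a frame, receive step three a second time, send another frame."""
    key = b"constructed-session-key"            # constructed sample value
    p1 = b"GET /account HTTP/1.1"               # constructed, 21 bytes
    p2 = b"password=hunter2&ok=1"               # constructed, 21 bytes
    client = Client(patched)
    client.on_message3(key)
    n1, c1 = client.send(p1)
    client.on_message3(key)                     # step three arrives again
    n2, c2 = client.send(p2)
    nonce_reused = (n1 == n2)
    # With the same keystream on both frames, the keystream cancels out and
    # the XOR of the ciphertexts equals the XOR of the plaintexts.
    plaintext_relation_leaks = xor(c1, c2) == xor(p1, p2)
    return nonce_reused, plaintext_relation_leaks

if __name__ == "__main__":
    print("unpatched:", replay_scenario(False))
    print("patched:  ", replay_scenario(True))
```

The unpatched run reuses the counter value and the encryption stops hiding how the two messages relate; the patched run keeps counting, which is why updating both client devices and routers matters.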
Who is affected by KRACK?
This weakness stems from the WPA2 standard itself—not from any specific faulty implementation. That being said, if you own any product that supports Wi-Fi, it is likely affected by KRACK. While accessing websites over HTTPS does add another layer of security, you should keep a few things in mind:
- Not all websites support HTTPS.
- HTTPS-enabled websites may be downgraded to HTTP using tools like SSLstrip.
- Many IoT devices located around the house are notorious for communicating in plain text.
That last point is especially important. If you have a smart TV, for example, you should think twice about leaving it connected to your Amazon account or any other app or account that contains sensitive information.
What are the Dangers of Being Hacked?
This vulnerability allows hackers to spy on your online activity. They can see your screen as you see it and access your passwords, banking details, and other sensitive information.
They then commit fraud or identity theft using your personal information.
Here are some other dangers to having your Wi-Fi security compromised:
- Hackers can hack into your email account and send/receive emails via your connection
- They can access any cloud or FTP servers you use to archive your files
- Full access to your remote email accounts like Gmail, Yahoo or Hotmail can be obtained
- Screen sharing puts your banking history at risk because hackers can view your login details as you input them
If a security breach like this goes too far, hackers may even change your password details and lock you out of important accounts while they run free absorbing your personal information.
How to Safeguard Against a KRACK
It’s time to get patching again. As I said, this attack is fairly new, so not much has been done to counter it yet. The US Computer Emergency Response Team (CERT) has released an advisory, which notes a number of affected vendors, including Cisco, Intel, and Samsung, amongst many other major tech providers. For now, it looks as if some manufacturers are pushing out updates, which should go some way to preventing attacks. Note that devices such as laptops and smartphones will require updates as well as routers.
Until all the updates roll out, there are some things you can do to prevent it from happening to you. They aren’t guarantees, but they will minimize your risk factor.
First and most importantly, understand everything that is affected and patch all your personal devices, whether phones, PCs or any smart device, be they watches, TVs or even cars. I recommend you get in touch with the relevant vendors to find out when patches are coming. Even though most anti-virus software can’t protect against a KRACK, most if not all will soon present an update that can. As anti-virus software starts adapting to this threat, you’ll wish you had some kind of protection for your device.
Another prevention strategy is to watch which sites you visit while you’re connected to Wi-Fi. If you visit sites that have https:// encryption, hackers will fail to spy on your usage. But regular http:// sites will leave you at risk. So always look out for that little ‘s’ in your URL bar.
Something else you can do is use a VPN to safeguard all your traffic activity. Find a reliable VPN (preferably not a free one) and you’ll be protected from KRACK on any device.
Is Your Device at Risk?
The question you’ll probably ask is, “Is my device more at risk than others?”
It might be. Different devices possess different levels of vulnerability, so I’ve made a list of the four most popular operating systems to help you leverage adequate protection.
Microsoft is one of the few operating systems that has released a patch for KRACK. You can download this patch and update your device. This is great for laptop owners who frequent public locations to work.
Chances are your computer has already downloaded this update if automatic updates are switched on.
Android is one of the most vulnerable of all operating systems. Most phones are set to automatically connect to Wi-Fi whenever it’s freely available.
So essentially your smartphone is a walking security risk whenever you go out in public. The patch for Android is only being released in early November, but it won’t be accessible to most users until several weeks later.
For now, it might be safer to turn off your Wi-Fi when you’re not at home.
The most vulnerable of all operating systems is Linux. But luckily the company has been proactive enough to release a patch that protects against KRACK.
If you own a Mac or iPhone, you are slightly less at risk than Android users. Within a couple of weeks, Apple will release an automatic update that contains a patch against KRACK.
So for now, be careful what sites you visit. Stick to https:// encrypted sites just to be safe.
Once all these patches are rolled out, hackers will have to find new ways to breach our private information. No doubt they will always come up with new tactics to commit cyber fraud. But as they evolve their methods, so too do we evolve our cybersecurity methods. Some have done so quicker than others, but eventually, KRACK will hopefully fade away as an outdated cyber-attack.
What are your thoughts on the KRACK vulnerability? Tell us in your comments below.