How The ‘KRACK’ Wi-Fi Security Issue Affects Us All

WPA2 KrackedThe invention of Wi-Fi or wireless networking has been a dream come true. We can use our laptops and tablets anywhere in the office and our phones are using the main internet connection instead of sucking down data on the 3G / 4G network. It is essentially the backbone of the smart tech boom for home and business alike. Most Wi-Fi networks are password-protected with an encryption called “WPA2” and up until now this has been safe and secure.

Recently, a security flaw called KRACK (The Key Reinstallation AttaCK) was discovered. KRACK allows hackers to break into Wi-Fi networks – even the secured ones and your wireless networks are possibly vulnerable as a result.

How KRACK works?

KRACK doesn’t work via a problem with your device or how it was set up as it is an actual issue with the Wi-Fi technology itself. The attack gets between your device (eg computer, tablet or mobile phone) and the wireless access point (eg modem / router) to reset the encryption key so hackers can view all network traffic in plain text. Since just about everyone relies on Wi-Fi so much, this might mean hackers have a front row seat to your credit card numbers, passwords, confidential files, emails and more.

NOTE: The hacker needs to be in physical range of your Wi-Fi network to exploit this flaw and it doesn’t work remotely like other attacks we’ve seen recently. Given that most Wi-Fi networks extend well past your own home/business walls, this is small comfort, but important to know.

How to protect yourself

Run your updates: Software updates are being released which fix the flaw. Microsoft has already released them for Windows and Apple has one coming in a few weeks. So please take a few minutes to make sure you’re up to date with all your patches on any device that uses Wi-Fi (your smartphones, laptops, tablets, PCs, game consoles, etc). Unfortunately, some devices may be slow to get an update (eg Android phones), or if they’re older, may not get an update to fix the issue at all. If possible, consider using a cabled connection on those older devices or upgrade to one with support. With smart phones consider using data on the 3G / 4G network instead of Wi-Fi.

Be very careful with public Wi-Fi: While your local business center, library or school campus should have expert IT professionals keeping guard over security, it is a very different matter at your local coffee shop. It is unlikely small locations such as this will be on top of security patches. Remember, a hacker exploiting this flaw only needs to be in the same Wi-Fi area as you, so be careful you don’t give them an opportunity to grab your precious data.

Check your browser security: Before sending anything private over the internet, check that you are using a secure HTTPS site. You’ll know these by the little padlock you see next to the URL, and the address specifically begins with HTTPS. Major sites like Facebook, Gmail and financial institutions already use HTTPS.

If you need help updating your devices, or want us to check if you’re safe, give us a call on 08 8326 4364 or via email at support@dpcomputing.com.au.