The WPA2 (WiFi Protected Access II) encryption protocol is the security standard used by WiFi networks and most, if not all, WiFi-enabled devices worldwide. Recently, a postdoctoral researcher at the Catholic University of Leuven in Belgium, Mathy Vanhoef, discovered a major flaw in the WPA2 protocol that attackers can exploit to intercept a user’s internet traffic and steal information, or even inject malware into the network.
Mathy termed the flaw ‘KRACK’, which stands for Key Reinstallation Attack. The flaw concerns the encrypted messages that devices send to each other when trying to authenticate a network connection. A hacker can capture the one-time key used in authentication, and hence gain access to unencrypted internet traffic that carries users’ personal information. To do this, the attacker needs to be within physical range of your WiFi network; they can’t attack you from outside the range of the network. If traffic is encrypted correctly using HTTPS, an attacker can’t look at this traffic.
All WiFi-enabled devices are at risk, including devices running Windows, Mac, iOS, Linux, and Android. Routers and IoT devices are affected too.
However, the flaw can be fixed with security patches from device manufacturers. Microsoft released a security patch last week for Windows devices that fixed the issue. Apple and Google are on it too.
So what can you do to be safe from the KRACK attack?
Update all your WiFi-enabled devices once security patches are made available.
Ensure all your routers and Wi-Fi devices (laptops, phones, tablets…) are updated with the latest security patches. Also keep your ears open for future security patches and be sure to install them once they are made available.
Prefer websites with HTTPS connections.
Websites with HTTPS have encrypted internet traffic, while those with just HTTP are unencrypted. You can use the HTTPS Everywhere browser extension on your Google Chrome, Firefox or Opera browser to help you auto-switch to HTTPS if a website offers both HTTP and HTTPS. If not, at least avoid sending sensitive info over an HTTP connection.
Use VPN services as an extra layer of security.
With a virtual private network (VPN), all your internet traffic will be encrypted and you’ll be safe from any attack whatsoever.
Avoid Public WiFi Networks
Public WiFi networks can be quite vulnerable to attacks, hence connecting to one puts you at risk. Avoid using them, or if you have to, ensure you don’t transmit sensitive info while at it. A VPN service will also be useful here for more security.
Make use of Mobile Data or Ethernet
You might want to rely more on your mobile data when you want to transmit sensitive info like bank transactions, email, social media and the like.
Also, on your PC you can use the Ethernet port for internet connections instead of WiFi, at least until we are sure the issue has been handled properly.
Don’t visit unknown/insecure websites or install software from untrusted sources.
Some websites carry a lot of malware, especially those that promise free downloads, or those with plenty of annoying ads. Avoid such places. Do not install software from an unverified source. Visit the product manufacturer’s website and install from there.