Back to Top

Scroll Down

 


My Guides


Your guide to KRACK attacks

Security researcher Mathy Vanhoef from Belgian university KU Leuven has recently demonstrated that a hacker can easily intercept and decrypt the data packets that are sent by an Android phone over a wireless network, even if the network is using the WPA2 encryption protocol and utilizes a strong password. The attacking method was named KRACK, the short version for "key reinstallation attack", by Mr. Vanhoef. Here's a link to his website, where he provides much more information about the problem.


In a nutshell, a hacker that uses the KRACK attack will force the system to reinstall an already existing key. Wi-Fi encryption keys aren't reusable in theory, but the WPA2 flaw gives the attacker the option of tweaking the data packets that are used as handshakes between the router and its clients, thus making the keys accessible through a re-installation.


By making use of this newly discovered vulnerability, cyber criminals can get access to credit card information, user account information, email information, email attachments, and more. Depending on the actual network configuration, the attackers may even be able to inject malware into the system.


So, what should you do to protect your sensitive data? According to the researcher, Linux and Android devices are the most affected, at least for now. It's not a surprise, since Android uses a Linux-based kernel. The first step, then, is to apply any security patches as soon as they become available. Don't wait until they are pushed to your device/computer; be proactive and search for updates on a daily basis, until you can download them.

Sadly, most Android users don't patch their devices. And to make things even worse, there are literally thousands of different versions of the popular OS. Not only that, but most phone manufacturers aren't too eager to patch their old products. They prefer to boost the sales of the newest models by only offering system updates and patches for them.


According to Kevin Beaumont, KRACK attacks won't work against Windows-based devices. But if I know a thing or two about security, I think that he may be wrong, because this is a Wi-Fi vulnerability, and not a hardware-based one. (Update: I was right! Microsoft has just released a patch that fixes the spoofing vulnerability, changing the way in which Windows verifies wireless group key handshakes). Once that the hacker is in, he can send broadcast and/or multicast traffic to the hosts on your network, even if it is protected by WPA2.


But how serious is this threat? While the danger is 100% real, hackers who want to execute a KRACK attack would need to be in the range of your Wi-Fi network. Then, they need to execute a MitM (man-in-the-middle) attack to intercept several data packets. Also, the attacks can't be scaled / automated; they must target your device(s) specifically.


Fortunately, if your device is communicating with a website that uses the HTTPS protocol, data interception continues to be almost impossible. Therefore, another important thing is to stop visiting any old / shady sites. Whenever you browse the web, ensure that the left side of your browser's address bar shows a padlock icon. That shows that you are accessing a secure site.


Finally, it may be wise to invest some money in a Virtual Private Network service. It can help keep your data secure, because it encrypts all the traffic, and it won't make a dent in your wallet.