A couple of days ago, Belgium-based security researcher Mathy Vanhoef disclosed a serious flaw in Wi-Fi’s WPA2 security protocol. This was called the KRACK vulnerability, which is short for Key Reinstallation Attack. Through this, the four-way authentication process between a network and a device can be targeted to enter a previously protected cyberspace. Since most of the devices and routers are dependent on WPA2 to encrypt Wi-Fi traffic, the vulnerability is suspected to affect almost every one with a Wi-Fi connection.
Through the vulnerability, security defaulters can intercept the traffic between your router and your device. Essentially, this will enable the attackers to read any unencrypted data. Another aspect the attackers can manage is to inject bugs into the websites you are looking at and infect your system with a ransomware.
However, there is also a lot of false information circulating around what the vulnerability can achieve, so let’s clear the air regarding some of these. The vulnerability cannot decipher passwords. Furthermore, if your web traffic is being securely channelized by the use of HTTPS, the attackers can’t touch that data either. Another thing that can’t happen is tracing unencrypted traffic from a distant location.
Similar to sharing a Wi-Fi network at a public place, the attackers need to be in the vicinity of your network to harm your computer. This fact alone reduces the possibility of being vulnerable to sudden attacks by a great measure. To that end, people at crowded areas or places with huge public Wi-Fis like airports should be on their guard. It will be wise to not connect to a public Wi-Fi at all for a while.
But, the attackers can still deploy packet injection to interfere with your connection and disrupt or block you out of certain network services and protocols. And accessing unencrypted traffic does mean that sensitive information like credit card numbers and social security codes are at a risk of being stolen.
For the people who have already started hyperventilating at the thought of their network getting broken into, please remember that the vulnerability was exposed by a security provider and not a hacker. Miscreants would have also learned about KRACK along with the rest of the world, and would take some time to act on the loophole.
The entire premise of the security vulnerability is the theoretical possibility of a breach and how one can safeguard their devices before they can intercepted. The idea is also for companies to release patches against such a sophisticated vulnerability before it can be scaled to a full-fledged attack in the near future.
There are several things that you can do at your end instead of waiting for patches and living in perpetual fear.
For extra privacy and security whenever you go online, you should always connect to a VPN server first. VPN service providers such as BulletVPN have become an essential tool for protecting users from various threats while browsing the web.
The first on the list is to update all your devices that work on Wi-Fi or have ever been connected to a wireless network, since according to Vanhoef, “implementations can be patched in a backwards-compatible manner.” This means that updated and secured networks will still be able to communicate with un-patched hardware.
This is, of course, if your devices are not already set on auto-update which is just a lousy and careless practice.
The second step is to update your router’s firmware, since that is where all the trouble is originating from. This can be done by following its user guide to connect to admin pages and browsing the administration panel. Notably, some router companies like Aruba, FortiNet, and Microtik have already released fixes as well.
Until a full proof patch is not made available, you can use an Ethernet cable to reroute your web traffic. The paranoid souls can switch off Wi-Fi on their routers as well as their devices to be doubly sure. If a wired Ethernet connection is not possible, other options include surfing the internet through your mobile data or a mobile hotspot. However, this might not be a feasible option in case you are not receiving a high-speed network.
Fair warning to Android users, you have slightly more reasons to worry. The Android devices running the operating system 6.0 are at a higher risk of vulnerability.
Browse the Internet only on encrypted HTTPS access – do not be careless and sloppy like Hillary and Debbie Schultz who obviously are either clueless or dirty or both but this is another topic. This will further help you mitigate any impending risk, in case you absolutely have to hop on to a public Wi-Fi network.
You can also download a browser extension called ‘HTTPS Everywhere’ that lets you on secure internet traffic whenever there is an opportunity. If a website offers encrypted access, the extension automatically directs your browser towards it. The plug-in can be useful in times of such distress and works on web browsers like Chrome, Firefox, and Opera.