A KRACK in Wi-Fi security: everything you need to know

Nearly every device we use has Wi-Fi capabilities – from smartphones to laptops, iPads and TVs. The security protocol WPA2, the norm for Wi-Fi password security worldwide, can be compromised. It’s a fact. This means hackers can potentially exploit the weakness in the code to inject malware such as ransomware into websites and ultimately read your sensitive data.


What is KRACK?

An attacker within range of your Wi-Fi device can exploit the weakness in the WPA2 protocol using a “Key Reinstallation Attack”, also known as KRACK. This attack allows hackers to read sensitive information that was previously encrypted, including your credit card numbers, passwords, chat messages and emails.


So what’s the problem?

Vanhoef found a problem with the code behind the WPA2 encryption protocol. This essentially means that all devices you are using are vulnerable to hackers who want to pick up on the internet traffic flowing in and out of your mobile devices, laptops and really anything else you use with a Wi-Fi connection. This is a high risk for users, who could be dealing with sensitive information such as banking accounts.


How am I affected?

For your Wi-Fi to be compromised, the hacker needs to be in range of your Wi-Fi network. They can’t attack you from outside your network; for example, you can’t be attacked from another country. Attackers can’t obtain your Wi-Fi password using this vulnerability; they can just look at your unencrypted traffic if they know what they’re doing.

Mr Vanhoef warns that any device that supports Wi-Fi is likely affected by KRACK, but that Linux-based devices, as well as Android devices running version 6.0 or higher of the Android operating system, are especially at risk. That currently includes more than 40% of Android devices.


How can I protect myself?

  • Firstly, the most important thing you can do is to keep updating your devices as patches and new software become available.
  • Secondly, you’ll want to consider patching your router firmware if the manufacturer doesn’t update it for you automatically.


Many operating systems and applications (including web browsers) use additional security methods to prevent eavesdropping. However, while sensitive data like credit card information might be hard for eavesdropping hackers to extract, it wouldn’t be impossible.

In terms of positive news, “KRACK” can be fixed with a simple software update on most devices. Microsoft has already released a patch for Windows that fixes the flaw, and Apple is currently finalising patches for iOS, macOS, watchOS and tvOS that will be available in the next few weeks.


So, what can we all take away from this situation?

It’s key for all Wi-Fi users to ensure that all of their devices are updated with the latest available software in order to reduce the risk of a hacker gaining access to their sensitive materials. It’s also important to note that users should be wary when connecting to Wi-Fi run by small businesses, as these generally do not have the IT infrastructure to prevent an attack.