It’s one of the most dangerous tech exploits ever discovered and it can impact any wireless device that accesses a public or private Wi-Fi network.
We’re talking about the KRACK attack!
When this pernicious attack is deployed, your data that’s supposed to be protected on a home or business Wi-Fi network goes up for grabs for any criminal to snatch.
Unfortunately, if you read the techie blogs trying to get the inside track on KRACK, you’re likely to come away confused.
Between all the jargon they throw around and the befuddling snippets of malicious programming that they embed as illustrations, your eyes are likely to glaze over pretty quickly!
So here’s a simple KRACK primer to get you started with some background knowledge.
Here at Clark.com, we aim to demystify the hype around new tech security developments and give you actionable advice.
No code, no confusion and no clutter. We promise!
OK, let’s get started…
KRACK stands for key reinstallation attacks.
It’s a phrase coined by Mathy Vanhoef, a postdoctoral researcher in computer security, who discovered the exploit and explains it thoroughly at KRACKAttacks.com.
Basically, KRACK threatens the handshake portion of the Wi-Fi Protected Access II (WPA2) protocol.
A “handshake” is done whenever someone tries to sign on to a protected Wi-Fi network. The handshake establishes that you have the correct password for the network.
After the handshake, a new encryption key is generated to lock down traffic for security purposes. That’s where the key reinstallation attack part comes in.
The reinstallation is the Achilles’ heel here; using a simple exploit, a criminal can trick a targeted network into reinstalling a key that’s already in use.
But these keys are a “one and done” kind of thing. If a key that’s already in use is secretly introduced into the WPA2 protocol, it can be exploited and finagled to reveal the very data it is intended to protect.
Your data is at risk on both private and public Wi-Fi networks — but especially on public networks.
The KRACK research website is filled with ominous pronouncements like “The attack works against all modern protected Wi-Fi networks” and “if your device supports Wi-Fi, it is most likely affected.”
In addition, Vanhoef says criminals “might be able to inject ransomware or other malware into websites.”
Not necessarily.
“Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations,” Vanhoef writes on KRACKAttacks.com.
“For example, HTTPS was previously bypassed in non-browser software, in Apple’s iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps.”
As crazy as it sounds, the safest way to play this is to not use public Wi-Fi at all until a proven fix is in place across the board.
Do everything you have to do over cellular data when you’re out and about, not Wi-Fi.
Yes and no. It depends on what kind of device and operating system you have, according to Wired.
If you’re an iPhone, Mac, or Windows computer person, patches are available.
While the patches should, in theory, have downloaded and installed automatically for you, your best bet is to manually check and make sure you’re current with all your updates.
For those using Android, Wired reports there is a patch in the works that will be deployed first to Pixel and Nexus users. Then it will be made available for everybody else.
No. In fact, an attacker who uses the KRACK exploit has no way to recover the password of a targeted Wi-Fi network.
The crazy thing is, they don’t even need your username or password to inflict the damage they’re capable of inflicting via this exploit.
Instead of relying on changing your password, Vanhoef says you should update the firmware of your router. Check out this frequently updated list of router vendors that have issued KRACK patches.
That said, it’s never a bad idea to change the Wi-Fi password once you’re all patched up!
The best ongoing source for info is the official KRACKAttacks.com site hosted by researcher Mathy Vanhoef.
This post was last modified on October 19, 2017 2:10 pm