The KRACK is a severe vulnerability found at the WPA2 encryption level of Wi-Fi connections, which is the most widely used around the world. Mathy Vanhoef discovered the KRACK vulnerability last year, and since that moment, terror has been spreading in the Internet world.
The WPA2 protocol is the one in charge of encrypting your data and traffic in a Wi-Fi hotspot. With the recent vulnerability, hackers can go nuts and steal all kinds of information, passwords, credit card numbers and many other resources and assets from users just by intercepting their traffic in routers and devices unprotected with the latest security patches.
What Vanhoef discovered is that the alleged randomness of the algorithms that WPA2 use to encrypt data are not so “random.” What they do is reset the nonce in the WPA2 handshake process, thus hacking a weak Wi-Fi.
WPA2 is currently the standard security option for most Wi-Fi networks, just like the WEP security protocol was at the beginning of the new century. WEP was cracked and replaced with WPA2 because it was dangerous to use WEP after the security breach. In 2017, over fifteen years after, WPA2 could suffer the same fate.
An attacker using KRACK can intercept some of the traffic that travels between your Wi-Fi access point and the devices connected to it. This vulnerability could be exploited by hackers to steal critical data from you, including your email login information, credit card pin, social media passwords, emails, photos, videos, contacts, and many other things. However, if the user implements HTTPS, the possible attacker can’t spy on his interactions.
The KRACK vulnerability is useless to obtain a Wi-Fi password. Attackers need it to access your Wi-Fi network and then, at that moment, is when he, or she, can harm you, even injecting packets of data containing viruses and malware.
Companies should, and are, releasing security patches to combat the KRACK attack. For example, Apple has patched iOS already.
KRACK, which is a shorter name for “Key Reinstallation Attack,” is a big deal, because the world has shown a significant dependency on the Wi-Fi connection. The scariest part of the problem is that the vast majority of Wi-Fi users do not know what WPA2 is and what it means to the security of the network. Even IoT (Internet of Things) devices can be affected by a KRACK attack.
What can you do to avoid KRACK vulnerability?
Avoid connecting to public Wi-Fi networks whenever possible
If you can wait a few minutes to make a transaction or to navigate the web, do it. For the sake of your data and traffic, do it. Hackers and specialists have significantly more odds to “hack” a public Wi-Fi hotspot than a private network, for example, that of your home or small office. Of course, you will not be 100% protected even in your house’s Wi-Fi, because it inevitably also runs WPA2 encryption protocol, but is far less likely that somebody will want to intercept the traffic generated exclusively by you.
If you are a business manager, then you should make sure that the clients of your shop or restaurant or café feel protected while connecting to your network. Get patches, update your equipment and software and do everything you can to protect yourself and your paying customers from KRACK attacks.
Update all your devices with the latest patches
Be smart and protect what you value. If you regularly update your devices, it will almost surely guarantee that you will be protected from KRACK attacks because they will have the most recent security patches available to combat this issue, thus lowering the vulnerability against this current threat.
Take your smartphones, computers, tablets, and other devices that use Wi-Fi connection and update them, including the auto-updating option whenever you find it: that way you would get ahead of the next security leak. Most operating systems are continually upgrading to keep their users safeguarded, but Android and Linux have fallen behind in this regard.
Protect your router or Get a VPN Router
The first device you need to look at is your router. It has firmware that needs to be updated to the latest version, if possible, and you have to make sure it has the least chances of being the target of a KRACK attack.
Your Internet service provider is the one company in charge of updating your router’s firmware, so you need to contact them to get the latest update available concerning security patches. To see if your router is up to date, you have to go to the administration panel and to get the manual of use of your ISP-powered device. Follow the instructions, and if you by any chance lost the guide, it is available on the web.
You have to insist with your ISP to have answers whether they have the latest patch for your router or not. If they don’t, or if they ignore your request, think about replacing your ISP with another one, more responsible and aware of the security risks of being the target of a KRACK attack. You can also acquire a Wi-Fi access point that has the patch; link it to your router while restricting wireless connectivity on your internet provider. Meraki, Fortinet, and Microtik are some routing devices with updated firmware against the KRACK.
Use Ethernet to evade connecting to Wi-Fi in suspicious hotspots
Another reliable option if you can’t avoid getting into public Wi-Fi networks, or if your ISP has not updated your router‘s firmware yet, is to use Ethernet to access the internet with a significantly enhanced chance of avoiding KRACK vulnerability.
If you use the Ethernet cable, you just have to disable the Wi-Fi connection on your computer (sadly, most smartphones and tablets don’t have an Ethernet port) and all of your data and traffic generated in your online ventures and sessions will pass through the cable, avoiding KRACK vulnerability.
You can implement this method if you don’t know for sure whether your router has the latest security patch in its firmware, or if you access a public Wi-Fi hotspot with no patch, or if you don’t have any data plan to work with safely.
The main drawback against Ethernet cables is that they somewhat limit your range of movement with your laptop, but it is a small price to pay with the intention of avoiding hackers to easily access all of your data with little to no effort.
Use your data plan
The WPA2 vulnerability has created the KRACK attacks. They are seen only in Wireless connections, so if you can find a way to dodge this kind of connectivity, at least staying away from public networks, you would be doing yourself a huge favor.
If you don’t have an Ethernet cable, or if you aren’t sure whether the Wi-Fi point access you are going to establish a connection with doesn’t have the latest security patch, consider taking advantage of the data plan that your carrier provides you. In countries like the United States, data plans may have no traffic limit, so it is easy for users to evade making themselves easy targets of KRACK attacks.
Especially if you are an Android user (this operating system has not made a good work protecting their clients from KRACK attacks and other security issues), you need to consider switching off your Wi-Fi and choosing to connect through your data plan instead.
Get a reliable VPN
Many people love the fact that, with Virtual Private Networks, or VPN, they can bypass geo-blocking and watch restricted content all over the world just by choosing to connect to a remoter server and borrowing a temporary IP address. But the truth is that this tool also serves as a great way to remain private and anonymous while connected to the Internet.
With a VPN, hackers will not be able to track you or steal your passwords, usernames, credit card numbers and other crucial data because your traffic will be “tunneled” virtually speaking. Encryption technologies will safeguard your information.
However, you do need to make sure you choose a quality and reliable VPN provider like TorGuard, because some of them are known for selling your traffic to anyone interested and willing to offer money for them. Remember, your ISP will not have access to your online activities, but your VPN provider will, and thus, you will not be 100% able to avoid KRACK vulnerability.
The risk goes up with free VPN services: their encryption protocols are often weak, and they are more likely to sell your traffic around, so be very cautious with who you choose to trust your online privacy and security.
|24/7 Live Chat|
|Dedicated IP Support Works W/ Netflix|
|Has Mobile App + PC / Mac Support|
|Stealth VPN / Advanced Obfuscation techniques|
|Visit VPN Provider||Visit TorGuard||Visit IPvanish||Visit PIA|
Get the HTTPS Everywhere extension
The Hyper Text Transport Protocol is the tool that gives you access to the World Wide Web. Now, this traffic is unencrypted, so in the event of a KRACK attack, hackers will be able to decipher it because of its unprotected status.
There is a resource called HTTPS, or Hyper Text Transport Protocol Secure that encrypts your data, so it can stay between your browser and the page that you are gaining access to. You can easily install the HTTPS Everywhere extension and enjoy the benefits of online security.
Opera, Google Chrome, and Firefox users can get the extension, and the best part is that doesn’t need a complicated configuration. It is extraordinarily simple to use.
Of course, HTPPS is not 100% reliable, either, but it constitutes a great tool to minimize the risk of KRACK attacks. Many big companies and retailers, like Amazon, often use the HTTPS extension. Some websites don’t have it available, so be sure to check for yourself in the little lock at the left side of the address bar. If it says “HTTPS” and “Secure,” you are safeguarded. If it says “HTTP,” you are at risk.