How to protect yourself from the KRACK Wi
So it turns out your Wi-Fi is vulnerable to hackers. A newly released research paper dropped a pretty sizable security bomb: The security protocol protecting most Wi-Fi devices can essentially be bypassed, potentially allowing an attacker to intercept every password, credit-card number, or super-secret cat pic you send over the airwaves.
So what, if anything, can you do about all this — other than go back to the Ethernet cable-laden Dark Ages? While at present there is no all-encompassing way to protect your Wi-Fi, there are a few steps that you can take to mitigate your risk. And you definitely should.
First, let's take stock of just how bad things are. Researcher Mathy Vanhoef, who discovered the vulnerability, explains that it allows for an attack that "works against all modern protected Wi-Fi networks." That means your home, office, and favorite cafe are all potentially at risk.
At issue is WPA2 (the standard Wi-Fi security protocol) itself — not how it's being implemented. Vanhoef realized that he could "[trick] a victim [device] into reinstalling an already-in-use key," subsequently allowing transmitted information to "be replayed, decrypted, and/or forged."
Vanhoef has dubbed this method the KRACK attack, which stands for "key reinstallation attacks."
Importantly, the researcher makes no claim that bad actors are currently exploiting the flaw that he discovered. (That doesn't necessarily mean they're not, though.)
"We are not in a position to determine if this vulnerability has been (or is being) actively exploited in the wild," he writes on his website. So while no one may at present be using this method to snoop on your web browsing, it doesn't mean someone hasn't in the past or won't in the future. In other words, it's past time to take some precautionary measures.
What to do
Unfortunately, our options right now aren't great. You can make sure your router configuration is up to date, and you should, but even that may not protect you from KRACK. Oh, and changing your Wi-Fi password won't do anything to help. However, there is some good news. Notably, the problem can be fixed. That means you shouldn't have to actually replace your vulnerable devices.
"[Luckily] implementations can be patched in a backwards-compatible manner," writes Vanhoef. "This means a patched client can still communicate with an unpatched access point, and vice versa. [...] However, the security updates will assure a key is only installed once, preventing our attacks. So again, update all your devices once security updates are available."
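To see why installing a key only once matters, here is a toy model added for illustration (it is not code from Vanhoef's paper or from any vendor patch). It assumes a hypothetical `Client` class, a made-up session key and messages, and a SHA-256 keystream standing in for the real Wi-Fi cipher; the one real-world detail it relies on is that installing a key resets the per-packet nonce.

```python
import hashlib

def keystream(key, nonce, length):
    """Toy keystream: SHA-256 over key, nonce and a block counter.
    Stands in for the real Wi-Fi cipher; only the nonce handling matters here."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical client model, not real supplicant code."""
    def __init__(self, patched):
        self.patched = patched
        self.key = None
        self.nonce = 0

    def install_key(self, key):
        # Patched behaviour: a key that is already in use is installed only once.
        if self.patched and key == self.key:
            return False
        self.key = key
        self.nonce = 0  # installing a key resets the per-packet nonce
        return True

    def send(self, plaintext):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

# Constructed sample data: a made-up session key and two made-up messages.
KEY = b"constructed-session-key"
MSG1 = b"user=alice&pin=1234"
MSG2 = b"user=alice&pin=9999"

def run(patched):
    """Send MSG1, receive the same key a second time, send MSG2."""
    client = Client(patched)
    client.install_key(KEY)
    n1, c1 = client.send(MSG1)
    reinstalled = client.install_key(KEY)  # handshake message replayed to the client
    n2, c2 = client.send(MSG2)
    return {"reinstalled": reinstalled, "nonce_reused": n1 == n2,
            "leaks_plaintext_xor": xor(c1, c2) == xor(MSG1, MSG2)}

if __name__ == "__main__":
    print("unpatched:", run(False))
    print("patched:  ", run(True))
```

In the unpatched run both packets are encrypted with the same keystream, so the two ciphertexts XORed together equal the two plaintexts XORed together; the patched client ignores the repeated key and keeps counting.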
Responsible device manufacturers around the world are scrambling to issue patches, and security researcher Kevin Beaumont notes a Linux patch already exists. Other companies are following suit, and Owen Williams of the Charged newsletter has compiled a list of which tech companies are on top of this mess. When patches do become available, you need to update your Wi-Fi-connected gadgets ASAP.
But wait, there's another reason you can take a deep breath. Beaumont argues that the level of sophistication required to pull off KRACK on certain devices means the average consumer doesn't have to freak out right now. Unless they're running Android, that is.
"The attack realistically doesn’t work against Windows or iOS devices," he explains. "The Group vuln is there, but it’s not near enough to actually do anything of interest. There is currently no publicly available code out there to attack this in the real world — you would need an incredibly high skill set and to be at the Wi-Fi base station to attack this. Android is the issue, which is why the research paper concentrates on it."
So... we're OK then?
The general consensus coming out of all this appears to be that yes, everything is screwed, but (for now) devices are vulnerable only to really skilled people, and most of those devices can also be protected. Basically, today is not the day that Wi-Fi died. If major providers scramble and release patches (some of whom already have), and people actually update their devices, we'll mostly be OK.
Sure, some manufacturers won't issue fixes, and some consumers won't update, but that's the ongoing story of online security.
This is a good opportunity to make sure that your router's settings are up to date (which, remember, at present still means it's vulnerable to KRACK), and to set daily reminders to check if the manufacturer of your smartphone, laptop, desktop, tablet, router, smart TV, etc., has released a fix for KRACK. Because the responsible ones will, and when they do it will mean that you can go back to browsing the web one paranoid click at a time.
In the meantime, consider digging out that old Ethernet cable for any sensitive online transactions — your credit card number will thank you.