A scary new WiFi vulnerability is being reported this morning, and it affects pretty much every WiFi device out there. That’s because the exploit attacks the WPA2 security protocol.
What’s the exploit?
Without going into too much detail, the exploit — being dubbed KRACK Attacks — involves taking control of the third step within a 4-way handshake that’s needed to verify each client has the correct WiFi password. When taking control of this step, the attacker can intercept data and even reroute traffic.
But although this thing can hit any and everyone, one particular subset of Android users will be especially vulnerable to a variant of the attack which can also inject ransomware or malware into, say, websites you visit. This variant only affects Android 6.0 users, but that’s still a whopping 41% of the user base.
In the video embedded above, the researcher — Mathy Vanhoef — gives us a look at how an attacker can use tools to exploit the vulnerability and intercept data being put into an insecure website on an Android phone. Indeed, swiping a username and password seemed trivial.
Am I in danger?
Not necessarily you directly, but if you have a device with WiFi, you’re vulnerable. That said, the vulnerability requires the attacker to be within range of the WiFi networks you use. As of now, there is no known active widespread attack, though the methods to perform it are out there and someone with some knknow-howould easily target you without you knowing.
It’s also important to note what kind of information could be exposed should someone attack you, and that’s pretty much anything that could be sent over a WiFi connection. That includes names, usernames, passwords, phone numbers, credit card numbers, bank account numbers, social security numbers, ALL THE NUMBERS. So yes, this is pretty scary, but you’re not entirely SoL.
How can I protect myself?
As this vulnerability exists within the underlying WPA and WPA2 security protocol, it’s not as simple as buying a new WiFi router or device. There are routers and devices that will get updated to address the exploit in due time, but we’d wager to guess that a great deal of folks in the world won’t be able to get any updates at all.
While we await further movement on this issue, here are some things you can do to protect yourself:
- Don’t use public WiFi.
- Only visit secure websites (look for ‘https://’ leading the URL). An attacker trying to intercept data from a secure transmission will get gibberish.
- If you must use WiFi, consider using a VPN to securely transmit your data.
- Don’t use WiFi at all, if you can. Ethernet is the safest bet.
And before you go changing those passwords, don’t bother, as this is one of the first WiFi attacks that doesn’t even require a password. The author of the whitepaper detailing this vulnerability also suggests using WEP is not an acceptable alternative to staying on WPA security, as it’s still far more insecure.
As such, your only course of action right now is to stick to the tips above and pray that no one has it out for you. The author of this whitepaper has already contacted the necessary officials to get them going on the necessary steps to eradicate the issue, though only time will tell how far-reaching those measures will be.