Krack Attacks: Some days ago I mentioned through him SecNews.gr for a defect in the Wi-Fi standard that can be used by attackers to track wireless network traffic even if WPA2 protection is used.
Today we will see if the error can affect you, and who is most at risk.
Her explanation attackς
Key Reinstallation Attacks or Krack Attacks work on all Wi-Fi networks protected by the WPA2 standard and in some cases can be used for injections that result in data manipulation. The attack works on WPA and WPA2 protection standards against personal and business networks that have Wi-Fi connections.
The attack method works against the 4-way handshake of the WPA2 protocol. This handshake is performed when client-based devices, such as a smartphone or laptop, attempt to connect to the Wi-Fi network.
The handshake verifies the credentials and negotiates an encryption key that is then used to protect traffic as long as the connection remains active.
The main defect discovered by the researchers affects the key and is achieved by "managing and responding to encrypted messages of the handshake" or "manipulating and replying cryptographic handshake messages".
The researchers note that the data being transferred can (theoretically) be decrypted by the attacker.
Can the attack affect me?
Let's start with them good news. KRACK attacks are hard to hackers for a simple reason: they should be within the reach of a Wi-Fi network. Unlike some other global attacks like Heartbleed and Shellshock, the hacker can not perform the KRACK attack remotely.
Second, a hacker can attack only one network at a time. Suppose the attacker sits in a public space, say a café in the center of Athens. He is most likely to see hundreds of networks within his reach, but there is no way to attack them at the same time.
So if a hacker is thinking about launching a KRACK attack, the most likely targets can be large hotels, airports, railway stations or large public networks with thousands of people connected daily.
Your home network is almost safe.
The bad news? A KRACK attack is capable of destroying you.
With a successful Krack attack a hacker can easily obtain your credit card numbers, passwords, chats, emails, photos, and more. This can lead to financial losses and of course the theft of your identity. Also mention that with certain network settings attackers can introduce malware, ransomware and spyware on websites you visit and by extension on your computer.
Can KRACK be repaired?
Yes, hardware manufacturers and software developers can fix devices and software that are vulnerable to KRACK attacks. Microsoft and Apple were particularly quick to release beta patches on the same day that the bug was publicly announced. Google has announced that it will release an update to Android in the coming weeks.
However, just because you use Wi-Fi connections on your mobile devices, it doesn't mean that the problem will be solved with just one information software on those devices. The attack mainly targets routers but also IoT devices, so you should update your router or smart fridge immediately. This will probably take a long time, as many of the companies that make these devices are not as aware as Microsoft and Apple.
Your router is undoubtedly the most critical device for updating. If your model has not updated its firmware, you should contact your Internet service provider and request an update as soon as possible.
What can I do until they decide to update the Firmware
Use Ethernet: KRACK does not affect the web in general, it simply targets Wi-Fi connections. If you can connect to a network using an Ethernet cable, your device will be secure.
Use cellular data on phone your: Likewise, when using mobile phones, simply use your mobile internet connection rather than a public Wi-Fi.
Tether connections from your phone: In public, it may be more secure to use the option to connect the computer from your phone instead of connecting directly to a Wi-Fi network.
Disable vulnerable Internet of devices Things (IoT): You may not be worrying about a hacker's access to your refrigerator data, but you should worry about accessing your network. Temporarily disable any extremely sensitive IoT device until a firmware update is available.
Use VPN: VPNs (virtual private networks) encrypt all your network traffic, so even if a hacker manages to access with a KRACK attack, he will not be able to decode it.
Are you worried about KRACK attacks?
KRACK attacks are another reminder that we are not as intimidating as we want to think.
We can use powerful passwords, applications like KeePass, software and firmwares, take a thousand security precautions, but we are at the mercy of the technology we use. Once a technological defect is discovered, it does not matter how consistent we are with safety advice.
Let's say that because of the nature of the attack and the degree of difficulty, you should not worry too much unless of course you are a very important person.
