Krack: Should I be worried? everything you need to know

Krack Attacks: Some days ago I mentioned through him SecNews.gr for a defect in the Wi-Fi standard that can be used by attackers to track wireless network traffic even if WPA2 protection is used.

Today we will see if the error can affect you, and who is most at risk.KRACK

The explanation of the attack

The attacks reKey Reinstallation Attacks or Krack Attacks work on all Wi-Fi networks protected by the WPA2 standard and in some cases can be used for injections resulting in data manipulation. The attack works on WPA and WPA2 security standards against personal and business networks that have Wi-Fi connections.

The attack method works against the 4-way handshake of the WPA2 protocol. This handshake is performed when client devices, such as a smartphone or laptop, attempt to connect to the of Wi-Fi.

The handshake verifies the credentials and negotiates an encryption key that is then used to protect traffic as long as the connection remains active.

The main defect discovered by the researchers affects the key and is achieved by "managing and responding to encrypted messages of the handshake" or "manipulating and replying cryptographic handshake messages".

The researchers note that the data being transferred can (theoretically) be decrypted by the attacker.

Can the attack affect me?

Let's start with them good news. KRACK attacks are hard to hackers for a simple reason: they should be within the reach of a Wi-Fi network. Unlike some other global attacks like Heartbleed and Shellshock, the hacker can not perform the KRACK attack remotely.

Second, a hacker can attack only one network at a time. Suppose the attacker sits in a public space, say a café in the center of Athens. He is most likely to see hundreds of networks within his reach, but there is no way to attack them at the same time.

So if a hacker is thinking about launching a KRACK attack, the most likely targets can be large hotels, airports, railway stations or large public networks with thousands of people connected daily.
Your home network is almost safe.

The bad news? A KRACK attack is capable of destroying you.

With a successful Krack attack a hacker can easily obtain credit card numbers, passwords s, your conversations, emails, photos, and more. This can lead to financial losses and of course the theft of your identity. We should also mention that with certain network settings attackers can introduce malware, ransomware and spyware to websites you visit and by extension to your computer.

Can KRACK be repaired?

Yes, hardware manufacturers and software developers can patch devices and software that are vulnerable to KRACK attacks. Microsoft and Apple were especially quick, releasing beta patches the same day the flaw was publicly announced. Google has said it will release an updated one of Android in the coming weeks.

However, using Wi-Fi connections on your mobile devices does not mean that the problem will be solved only by a software update on those devices. The attack mainly targets routers and IoT devices, so you should immediately update your router or smart refrigerator. This will probably take a long time, as many of the companies that manufacture these devices are not as aware as Microsoft and Apple.

Your router is undoubtedly the most critical device for updating. If your model has not updated its firmware, you should contact your Internet service provider and request an update as soon as possible.

What can I do until they decide to update the Firmware

Use : KRACK does not affect the web in general, it simply targets Wi-Fi connections. If you can connect to a network using an Ethernet cable, your device will be secure.
Use cellular data on your phone: Likewise, when using mobile phones, simply use your mobile internet connection rather than a public Wi-Fi.
Tether connections from your phone: In public, it may be more secure to use the option to connect the computer from your phone instead of connecting directly to a Wi-Fi network.
Turn off vulnerable Internet of Things (IoT) devices: You may not be worrying about a hacker's access to your refrigerator data, but you should worry about accessing your network. Temporarily disable any extremely sensitive IoT device until a firmware update is available.
Use VPN: VPNs (virtual private networks) encrypt all your network traffic, so even if a hacker manages to access with a KRACK attack, he will not be able to decode it.

Are you worried about KRACK attacks?

KRACK attacks are another reminder that we are not as intimidating as we want to think.

We can use powerful passwords, applications like KeePass, software and firmwares, take a thousand security precautions, but we are at the mercy of the technology we use. Once a technological defect is discovered, it does not matter how consistent we are with safety advice.

Let's say that because of the nature of the attack and the degree of difficulty, you should not worry too much unless of course you are a very important person.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.081 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).