Why can KRACK be so dangerous?
Cybersecurity experts have discovered a critical weakness in Wi-Fi connections that could make your private information vulnerable to cyber criminals. The threat is called KRACK (key reinstallation attacks) and could allow someone to steal information sent over your private Wi-Fi or any open connections you might access in public places like coffee shops.
KRACK is dangerous because it affects so many people. Most people who connect wirelessly to the internet through Wi-Fi on their phone, tablet, laptop, etc. do so using the WPA2 (Wi-Fi Protected Access) protocol that helps keep your information safe by encrypting it—making it a secret code. Only now, KRACK has made it much less protected because thieves may be able to decypher the code that protects your information, and read it whenever they want.
Cyber criminals can also use KRACK to modify wirelessly transmitted data to and from the websites you visit. You might think you’re going to your bank’s website, when in reality you’re at a fake phishing site made to look like it. You unknowingly enter your username and password, and the thieves now can record that information.
How do I protect myself?
Update your operating system
Update your OS ASAP. In the meantime, Apple, Google and others are presumably working to roll out a patch to protect against KRACK.
Microsoft just announced it included a patch in an October 10th security update. For Windows customers who have their “Windows Update enabled and applied the security updates,” they’re automatically protected from the KRACK threat, according to Windows Central.
However, don’t assume you’re protected. Even if you’re a Windows user, double check you have the latest security updates.
Use Wi-Fi networks only when necessary
Until you’ve installed the security KRACK patch, avoid using Wi-Fi connections, both at home and especially public hotspots. Your home Wi-Fi connection is slightly more secure only because cyber thieves need to be relatively close to your physical location to steal your data. But that doesn’t mean you’re safe at home or in public.
If you absolutely need to use a wireless network, make sure you’re not transmitting confidential info like your SSN, credit card number, or bank information.
If possible, hardwire your wirelessly connected devices back to your modem/router. Cyber criminals can’t steal signals out of the air if they’re not there, so find that yellow ethernet cable you stashed somewhere in a drawer and use it to connect to as many devices as possible.
Update your wireless router’s firmware
Your router’s firmware helps it work correctly with your devices, so keep it up-to-date. When the security patch rolls out, you don’t want any issues with conflicting or unsupported firmware versions. Updating your router’s firmware is a relatively painless process.
Configure your router so only your approved devices can connect to the network. Each of your devices has a media access control (MAC) address that uniquely identifies it to work with the network. Configure your router to only allow listed devices. The process may differ depending on your router brand.
Hide your Wi-Fi network so even those close enough to detect your signal won’t see it listed. Hiding your network won’t stop dedicated hackers from eventually finding it, but it will create another step they must go through, which is your goal until the patch comes through. It’s likely it will take developers some time to adequately address KRACK, so stay vigilant.
Avoid unencrypted websites
Encrypted websites contain an HTTPS at the beginning of their URL’s. The information you send and receive to them is secure. Websites that only use the HTTP are NOT encrypted. So use HTTPS sites as much as possible. HTTPS Everywhere is a browser plugin that automatically switches thousands of sites from HTTP to HTTPS.
Get some good cybersecurity software
Having cybersecurity software always helps mitigate risk. For critical attacks like KRACK, it’s especially important to add as many layers of protection as possible.
What information can be stolen?
Anything you can send wirelessly over the internet. So, pretty much everything. Passwords, credit card numbers, voice messages, pictures, texts, and the like. Again, this goes for both public and private wireless networks, so your info could be stolen while you’re signed in to the library’s Wi-Fi network or when you’re texting someone from your living room. Deactivate your cell phone’s Wi-Fi connection until you’ve gotten the fix from your OS developer or stay on 3G network for data transfer.
Can it affect my devices?
Strictly speaking, no. Neither your wirelessly connected devices nor your router are being directly targeted. Unlike ransomware, thieves aren’t KRACKing into your device and threatening to destroy your information. It’s more of an elaborate heist job than a hostage situation. They want to decrypt the protocol, to eavesdrop on what your devices are saying. They’re interested in the info not who is talking. More importantly, thieves want to go unnoticed.
How did the KRACK vulnerability happen?
Your cell phone and Wi-Fi device (i.e. modem) need to “talk” to each other decide on how to work together transmit data. The language they use is called a protocol, or system of rules. The protocol is encrypted for privacy. It’s like if two people switched to a different language to discuss something privately. If you don’t know the language, you’re in the dark. That’s how your information is kept private when sent over Wi-Fi.
But the KRACK attack gives cyber criminals an opening to decrypt the information sent. It would be like someone bringing an interpreter to the couple’s private discussion. They now can overhear everything that’s being said.
Can I tell if someone’s stealing my info over Wi-Fi?
As of yet, there’s no way to know if someone is KRACKing your wireless access. That’s why it’s especially important to keep an eye out for an update, and to follow the safety recommendations above.
The post KRACK attack: beware of public Wi-Fi appeared first on Panda Security Mediacenter.