How to prevent a KRACK attack on your Wi-Fi

How to prevent a KRACK attack on your Wi-Fi

By Francis Navarro, Komando.com October 18, 2017
If you've been following our Happening Now section, you've most likely heard of this newly discovered major vulnerability that affects WPA2, the current protocol of choice for Wi-Fi security.
It's a scary flaw since it can allow an attacker to intercept data from a nearby Wi-Fi network, including passwords, photos, credit card information, private messages, emails and web activity. Basically, anything that's normally protected and encrypted by the WPA2 standard.
It also infiltrates man-in-the-middle attacks that allow an intruder to insert malicious content such as ransomware to whatever website a connected gadget is visiting.

What is KRACK?

The alarming flaw was nicknamed KRACK - short for Key Reinstallation Attack.
Basically, this is how it works. An attacker can capture data from a nearby WPA2 protected Wi-Fi network by impersonating it and cloning its MAC address (a MAC address is a Wi-Fi gadget's unique network identifier).
Gadgets connecting to the original router can then be forced to connect to the attacker's clone network first.
Before the flaw was discovered, WPA2 clients were protected from this switcheroo since unique keys are required to encrypt each block of data. Simply put, the keys from the real and the fake network won't match, making the switch impossible.
However, KRACK uses a flaw in the WPA2 handshake system that allows the fake network to reuse the same encryption keys over and over and make them valid again.
And because it affects the Wi-Fi standard instead, it persists across every gadget that uses Wi-Fi but Android and Linux devices are more vulnerable since these systems don't require a unique WPA2 encryption key each time.
Macs, Windows PCs and iOS devices are affected to a lesser extent but data from these clients can still be decrypted.
However, since KRACK is all about faking an entire network, it can't be used to steal Wi-Fi passwords nor attack the router itself. It's more useful for stealing information, man-in-the-middle attacks and spying on network traffic.

How to protect yourself from KRACK

Well, KRACK is a really scary flaw indeed and it puts the once-trusted WPA2 security standard into a precarious position.
Fortunately, the flaw was disclosed to software and hardware companies back in July, months before it was publicly disclosed recently. This means patches to fix the flaw are already being deployed.
Update your gadgets
So first order of business - make sure you keep all your Wi-Fi enabled gadgets updated with the latest software available.
For example, Microsoft already included a security patch for it with October's Patch Tuesday security fixes so make sure you install those on your Windows devices as soon as you can.
Apple, too, although its machines are not severely affected by the KRACK vulnerabilities, will issue patches in the next few weeks.
Systems that are the most affected by KRACK are Android and Linux devices. Linux distros that are patched from the attack are now slowly rolling out as we speak.
Google stated that it will have its patches ready in the coming weeks but unfortunately, as with any Android update, it will be up to the gadget makers and carriers to roll them out.
Update your router's firmware
Router manufacturers like Cisco are already making their fixes available for their affected products. Make sure you check for any firmware update for your router and update it immediately.
In fact, although router manufacturers don't tell you, checking for the latest firmware for your router at least every three months is one essential step in protecting your network.
Stay away from public Wi-Fi networks
Since KRACK hackers need to be near a network to clone it, unless one of your neighbors is a top-shelf hacker, your home Wi-Fi network is likely safe for now.
What you need to stay away from, like we always say, are public Wi-Fi networks. Accessing your personal data through public Wi-Fi networks is bad as it is but KRACK just makes it worse.
Additionally, if you own an affected gadget, especially an Android device, that has not been patched yet, consider turning off its Wi-Fi for now and use cellular data instead.
Only visit secure websites
If you don't have any other connection option other than Wi-Fi and you desperately need to go online, make sure you only visit websites with secure encryption protocols like HTTPS.
With this, data that are traveling within the network would at least be shielded from a hacker's prying eyes. You can use this extension for Chrome, Firefox and Opera called HTTPS Everywhere to make your browsing more secure.

FOR ADDED WI-FI SECURITY, CONSIDER USING A VPN

Another thing you could do, especially when connecting to a public Wi-Fi network, is to use a VPN service. It's a good way to hide your internet tracks from would-be snoops, even KRACK hackers. Here are the best free VPN services you can try out now.
https://www.komando.com/tips/425117/how-to-prevent-a-krack-attack-on-your-wi-fi?utm_medium=nl&utm_source=totd&utm_content=2017-10-18-article-title


Comments

Post a Comment

Popular posts from this blog

BMW traps alleged thief by remotely locking him in car

BMW traps alleged thief by remotely locking him in car Stealer's Wheel? Seattle police department quotes "Watchmen" movie in a recap of the recent arrest. Tech Culture by Gael Fashingbauer Cooper December 4, 2016 5:00 PM PST It's maybe the most satisfying arrest we can imagine. Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal. Jonah Spangenthal-Lee, deputy director of communications for the Seattle Police Department, posted a witty summary of the event on the SPD's blog on Wednesday. Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (Nov. 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," Spangenthal-Lee wrote. The suspect found a ke...
Read more

Report: World’s 1st remote brain surgery via 5G network performed in China

World’s 1st remote brain surgery via 5G network performed in China Published time: 17 Mar, 2019 13:12 ·           A Chinese surgeon has performed the world’s first remote brain surgery using 5G technology, with the patient 3,000km away from the operating doctor. Dr. Ling Zhipei remotely implanted a neurostimulator into his patient’s brain on Saturday, Chinese state-run media  reports . The surgeon manipulated the instruments in the Beijing-based PLAGH hospital from a clinic subsidiary on the southern Hainan island, located 3,000km away. The surgery is said to have lasted three hours and ended successfully. The patient, suffering from Parkinson’s disease, is said to be feeling well after the pioneering operation. The doctor used a computer connected to the next-generation 5G network developed by Chinese tech giant Huawei. The new device enabled a near real-time connection, according to Dr. Ling.  “You barely feel that th...
Read more

New ATM's: withdraw money with veins in your finger

New cash machines: withdraw money with veins in your finger Cash machine technology that reads the pattern of finger veins is already available in Japan and Poland   By Telegraph Reporters 6:59PM BST 15 May 2014 Cash machines could soon be installed with devices that identify customers by reading the veins in their fingers. The technology is already being rolled out in Poland, where 1,730 cash machines will this year be installed with readers, negating the need for a debit card and Pin. Developed by Hitachi, the Japanese electronics firm, the machines read the patterns of the veins just below the surface of the skin on your finger using infra-red sensors. The light is partially absorbed by haemoglobin in the veins to capture a unique finger vein pattern profile, which is matched to a profile. The technology is used by Japanese banks and also in Turkey, offering “groundbreaking levels of accuracy and speed of authentication”, Hitachi said, which in t...
Read more