The latest Security Flaw: Wifi KRACK
Sounds scary and technical, another vulnerability, another frightening acronym KRACK, makes one think what is the risk and how does one overcome this concern?
It’s been everywhere in the news, social media and blogs for the past week and this article will aim to try and simplify the technical side and answer some of the questions one has.
What does KRACK stand for?
Discovered and named by Marty Vanhoef a Belgian researcher, KRACK stands for Key Reinstallation Attack. This in effect is a security flaw which allows a hacker (attacker) to break the internet communications between a router and a device. For the weakness to be exploited though the hacker needs to be in close physical proximity of the access point of the communications.
What does this mean for an individual or a business?
It means there is a potential for a cyber security incident where the attacker can capture or interrupt the flow of information from your communications or they can use the weakness to potentially inject and manipulate data. For example, this may mean an attacker injecting ransomware or other malware into websites.
What is at risk?
Like all vulnerabilities, the risk is the loss of sensitive information such as credit card numbers, passwords, emails, photos, and documents.
What is the most likely scenario for a KRACK attack?
This is difficult to say as there are potentially so many situations, however, one potential target is those organizations that provide wifi access without a lot of IT resources. An example of this would be your local coffee shop.
Is changing passwords the best way to protect myself?
Changing passwords regularly is a basic security measure that is recommended, however, this will not prevent or mitigate an attack. In fact, the key element to protect yourself includes ensuring all devices are up to date with the latest updates. This includes ensuring the firmware on your router is updated.
A simple tip is to ensure you have automatic updates turned on which will help ensure you have the latest versions and protection installed.
Until you are sure that your device has been updated limit your usage of public networks especially with phones utilizing the Android operating system.
Only transact with websites that have an SSL certificate meaning that the sites URL will start with https instead of HTTP. This in effect means the site is using encryption which therefore makes it difficult to see what data is being transferred.
Keep yourself informed and be sensible with your usage of public wifi if in doubt do not connect and turn the wifi option off on your device. If still uncertain contact us and ask for a KRACK risk assessment.