If you thought your protected Wi-Fi was safe, think again. Nearly all devices are affected by the new KRACK exploit. KRACK (Key Reinstallation Attack) is a severe replay attack (a type of exploitable flaw) on the Wi-Fi Protected Access protocol that secures Wi-Fi connections. It was discovered in 2017 by the Belgian researchers Mathy Vanhoef and Frank Piessens of the University of Leuven.
Solid advice for setting up a new wireless router or Wi-Fi network in your home is to password-protect it. Set a secure password using Wi-Fi Protected Access 2 (WPA2) and only share it with those you trust.
By Jacob Mutisi
Since the WPA2 standard became available in 2004, this has been the recommended setup for wireless area networks everywhere, and it was thought to be relatively secure.
That said, like the deadbolt on your house, password protection is really only a strong deterrent. Like most things, as secure as WPA2 was believed to be, it was only ever as strong as your password or any vulnerabilities discovered in its security.
A proof-of-concept exploit called KRACK (which stands for Key Reinstallation Attack) was unveiled. The ominously named crypto attack exploits a flaw in the four-way handshake process between a user’s device trying to connect and a Wi-Fi network. It allows an attacker unauthorized access to the network without the password, effectively opening up the possibility of exposing credit card information, personal passwords, messages, emails and practically any other data on your device.
The even more terrifying bit? Practically any implementation of a WPA2 network is affected by this vulnerability, and it’s not the access point that’s vulnerable. Instead, KRACK targets the devices you use to connect to the wireless network.
The website demonstrating the proof-of-concept states, “Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others are all affected by some variant of the attacks.” That said, most current versions of Windows and iOS devices are not as susceptible to attacks, thanks to how Microsoft and Apple implemented the WPA2 standard. Linux and Android-based devices are more vulnerable to KRACK.
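To make the four-way handshake flaw concrete, the following added example (not code from the researchers or from any vendor) models a connecting device that reinstalls its session key when message 3 of the handshake is retransmitted, next to a hardened device that does not. The `Client` class, the SHA-256 toy keystream standing in for WPA2's AES-CCMP encryption, and the sample key and frames are all constructed assumptions.

```python
import hashlib

def keystream(key, pn, n):
    """Toy keystream from key + packet number; stands in for WPA2's AES-CCMP."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + pn.to_bytes(8, "big") + bytes([block])).digest()
        block += 1
    return out[:n]

class Client:
    """Simplified connecting device: holds the session key and a transmit packet number."""
    def __init__(self, patched):
        self.patched, self.key, self.tx_pn = patched, None, 0

    def on_message3(self, key):
        # Message 3 of the four-way handshake tells the client to install the key.
        # The access point sends it again if it never receives message 4.
        if self.patched and key == self.key:
            return  # hardened: key already installed, keep the counter running
        self.key, self.tx_pn = key, 0  # (re)installation resets the packet number

    def send(self, plaintext):
        self.tx_pn += 1
        ks = keystream(self.key, self.tx_pn, len(plaintext))
        return self.tx_pn, bytes(p ^ k for p, k in zip(plaintext, ks))

def nonce_reused(frames):
    """Check: a packet number seen twice under one key means keystream was reused."""
    seen = set()
    for pn, _ in frames:
        if pn in seen:
            return True
        seen.add(pn)
    return False

def run(patched):
    key = b"constructed-session-key"  # constructed sample value
    client = Client(patched)
    client.on_message3(key)
    frames = [client.send(b"first frame")]
    client.on_message3(key)  # the same message 3 arrives a second time
    frames.append(client.send(b"other frame"))
    return frames

if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "unpatched", "-> reuse:", nonce_reused(run(patched)))
```

In the unpatched run both frames carry packet number 1 and are encrypted with the same keystream, which is why the fix belongs on the connecting device rather than on the access point.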