KRACK stands for Key Reinstallation AttaCK, and is a security flaw discovered in the Wi-Fi encryption protocols WPA and WPA2, used in almost all modern-day devices . This includes your laptop, cell phone and tablet. (Most desktop computers do not have wireless capability).
The KRACK vulnerability exists when your device first makes it’s connection to a secured Wi-Fi access point. Step one is for your device and the access point to exchange authentication information, also known as a ‘handshake’. By exploiting this vulnerability in WPA and WPA2, this process can be manipulated to allow a third party to obtain the encryption key. With that, they can execute a ‘Man-in-the-middle’ based attack, and therefore view your data traffic.
Device manufacturers are racing to release patches to fix this security vulnerability. Among those which are still vulnerable: Apple, Android and Linux devices. A couple of points below:
- An attacker needs to be in-range of your device and wireless access point to exploit this vulnerability. For a typical wireless router, this is a little more than 100 ft.
- If you are using a Windows PC running Windows 7 or newer, and your PC is up-to-date on patches, you are already protected. Microsoft released a security fix on October 10th. If you are a MoseSys managed customer, with our Patch Doctor system you can be assured that your computers have the latest patches and updates.
- If you are using an Apple or Android device, stay tuned for patches that will be issued soon. You may consider not connecting to public Wi-Fi hotspots, or possibly using only cellphone network data in the meantime.
- If your network utilizes a Sonicwall firewall appliance, no changes are necessary. Sonicwall units are not vulnerable to the KRACK exploit.
- If you are using a third party wireless router, consider contacting the router manufacturer to see if they’ve released a new firmware update that fixes the KRACK exploit. Consider doing the same if you are using your cable provider’s router.
- Make sure your anti-virus, anti-malware, and software firewalls are patched and up-to-date. For MoseSys customers, this is another area in which you can rest easy, knowing it’s taken care of.
- ALWAYS practice discretion when using a public Wi-Fi hotspot. Do not transmit sensitive information , and try to use websites that use the HTTPS protocol (Or show the little padlock symbol in the address bar).
For more information, see PCWorld’s FAQ:
https://www.pcworld.com/article/3233308/security/krack-wi-fi-security-flaw-faq-tips.html#toc-5