A security flaw made a concerning appearance this week after the bug, dubbed a ‘Krack attack’, wasdiscovered by Belgian researchers. Targeting Wi-Fi encryption, the bug can access safely encrypted information such as emails, passwords and credit card numbers.
These researchers have predicted every device that connects to Wi-Fi is at risk of a Krack attack. Other security experts believe the bug will take decades to be completely eradicated. We outline everything you need to know about this flaw and how to reduce your risk of an attack.
A ‘Key Reinstallation Attack’ or ‘Krack attack’, is a security encryption flaw in the WPA2 system. This system secures a Wi-Fi connection between a router and a device. When a device connects with a router, the internet can be accessed and an encryption key is then generated. This key is what makes your data ‘uncrackable’ to anyone who might intercept it.
However, at this point, hackers can trick this encryption key to be reinstalled, resetting it to zero. Resetting this causes the session to become unencrypted, and exposes sensitive user data. Malicious software can also be inserted into legitimate websites, leaving any user who visits the site at risk of data exposure.
Updating your device with the latest security patch is the leading way to prevent a Krack attack. Vulnerable devices include anything which plays a part in your Wi-Fi network, such as computers, phones, TVs and printers. Android mobile user? Unfortunately you’re at the highest risk of an attack, as they are the hardest and slowest devices to patch, however it’s still important to patch your device as soon as you can.
Companies have been responding in different ways to the new bug, check the status of your security patch below -
Install the latest security update for your router as soon as it becomes available. Router manufacturers such as Cisco already have fixes available for their affected products.
It’s best to avoid all public Wi-Fi until a patch is installed. Without any clear idea of who is on the network or how it is being used, you leave yourself open to an attack.
Only access websites with HTTPS in their address. This will add another layer of protection and ensure you are only connecting to secure websites.
As technology advances, so do the methods of predatory hackers. Regularly update your device to ensure your data is securely protected.