Posted By Raj Singh on 11/20/2017 in Internet

Using Wi-Fi? You can be ‘KRACKed’. Not Safe till you read and act on this!

Using Wi-Fi? You can be ‘KRACKed’.  Not Safe till you read and act on this!

We are not talking about public or private Wi-Fi. All devices firmware such as Cell phones, Laptops, home gadgets, TV etc. have capabilities to work with Wi-fi and most of us assume that we are using the best or secured protocols such WPA2, AES/ TKIP when connecting to a wi-fi network.

Guess what, it is broken, WPA including WPA2 has severe vulnerabilities and a major flaw has been found. Named ‘KRACK’ (Key Reinstallation AttaCK). WPA protocol uses a 4-way authentication handshake and the attackers can resend the encryption key multiple time in step 3 and break the encryption

This flaw makes it possible for hackers to download all your data, and breakdown even encrypted data, while using wi-fi from any device. Any entry such as username, passwords, credit card details, emails etc. can be stolen. The kicker is, even secure HTTPS websites like Banking, On-line shopping data can be hacked through this loophole if accessed through Wi-Fi. All of us are affected. The attacker can even inject codes into your computer with ransomware. Pretty scary huh.

The only plus point is that the attacker needs to near your wi-fi network, it cannot be done from afar. If you do have a wired ethernet connection, use it. Cellphone users, use cellular connection, avoid wi-fi usage until your devices have the fix installed.

How about making the wi-fi password extremely strong? That does not help, it is not breaking into wi-fi, only the WPA protocol that is being used. Should you change from WPA to WEP? Not recommended, WEP is a weak protocol.

Is there a fix and what do we do?

All major hardware manufacturers are scrambling to provide security fixes until a new wif-fi protocol is established.

For existing devices, check your system software settings to confirm if you have the latest versions installed.

Windows 10 users:  Anti-Krack update released on Oct 10, ensure the software upgrade is installed on your laptop, tablets and computers

Apple users: There is a partial vulnerability, but MacOS 10.13.1 and IOS 11.1 has been released to fix this. Upgrade now.

Android users: Google’s own devices Nexus and Pixel got the Nov 6 patch. Other Android users need to check with the device manufacturers for updates, a bit slow on this front. Devices running Android 6.0 and later have more risk than other versions. Unfortunately, older devices may never get a fix.

Linux users: Most Linux such as Debian systems, Ubuntu 14.04, Gento, Arch and OpenBSD have security patches available now.

Intel and some Wi-Fi router hardware companies provide details of affected devices and provide method to update their firmware, check their websites.

These security updates on your devices ensures they cannot be KRACKed even if the routers are not patched. However, try and get the firmware updates for your routers as soon as it is available.

How to find if a specific company has patches made available. A great website, run by Owen Williams has a running list that has patches provided in his blog ‘Recharged'.

Verify if your router has any pending update, login as admin and upgrade the firmware, these patches are being rolled in as they become available.

 Should you not use wi-fi at all? Well, that is not practical for most of us, the advice being avoid using wi-fi till you have the updates installed on your devices and routers.