The Recent KRACK Vulnerability Has KRACK-ed Wi-Fi Security!
What Is KRACK Wi-Fi Vulnerability?
The KRACK vulnerability has cracked Wi-Fi security. The exploit has left billions of devices and users across the world completely exposed, and has opened new doors for hackers and data snoopers. While the real impact and fallout of this exploit will become visible in the coming days, for now internet-enabled devices, especially IoT (Internet of Things) devices, remain more vulnerable than ever before.
So, how does KRACK actually work? It exploits a serious weakness in the Wi-Fi Protected Access II (WPA2) protocol, the wireless encryption standard used by just about every Wi-Fi device in the world. The security hole enables hackers to steal unencrypted data transmitted via the Wi-Fi network, even if the network is password-protected. The exploit doesn’t actually crack the victim’s Wi-Fi password, but rather replaces the encryption key to decrypt traffic on the network.
Because this is a vulnerability in WPA2 itself, nearly all internet-enabled devices are susceptible to the KRACK attack, regardless of the software they run. The vulnerability also exists in the earlier Wi-Fi Protected Access (WPA) and affects any cipher suite, such as GCMP, WPA-TKIP and AES-CCMP.
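Why the Wi-Fi password never has to be cracked, shown as an added example that is not part of the original article: KRACK is a key reinstallation attack, and reinstalling a key that is already in use resets the per-packet nonce, so two packets end up encrypted with the same keystream. The HMAC-based toy cipher, the `Sender` and `PatchedSender` classes and the sample messages are constructed for illustration and stand in for the real WPA2 ciphers.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    # Toy stand-in for the per-packet keystream of CCMP/GCMP (assumption, not the real cipher).
    out, counter = b"", 0
    while len(out) < length:
        block = nonce.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Sender:
    """Client that resets its packet number every time a key is installed."""
    def __init__(self, key: bytes):
        self.key = None
        self.install_key(key)

    def install_key(self, key: bytes) -> None:
        self.key, self.nonce = key, 0      # the flaw: nonce reset on reinstall

    def send(self, plaintext: bytes):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

class PatchedSender(Sender):
    """Mitigation modeled here: ignore reinstallation of a key already in use."""
    def install_key(self, key: bytes) -> None:
        if self.key == key:
            return                         # keep the current nonce
        super().install_key(key)

def observe(sender_cls):
    key = hashlib.sha256(b"constructed session key").digest()
    s = sender_cls(key)
    known = b"GET /index.html HTTP/1.1"    # constructed, predictable traffic
    secret = b"password=hunter2&user=a1"   # constructed sensitive traffic
    n1, c1 = s.send(known)
    s.install_key(key)                     # same key installed a second time
    n2, c2 = s.send(secret)
    # The observer holds only c1, c2 and the predictable plaintext, never the key.
    recovered = xor(xor(c1, c2), known)
    return n1 == n2, recovered == secret

if __name__ == "__main__":
    print("unpatched:", observe(Sender))         # nonce reused, secret recovered
    print("patched:  ", observe(PatchedSender))  # fresh nonce, nothing recovered
```
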
What Can’t a Hacker Do?
The good news is that KRACK attacks aren’t easy to deploy, as hackers need to be within range of the Wi-Fi network. Unlike security vulnerabilities such as Shellshock and Heartbleed, the attack can’t be carried out remotely. Therefore, taking advantage of this exploit will require time and a systematic approach.
What Can a Hacker Do?
The bad news? The KRACK vulnerability is very dangerous. It can be used by a hacker to decrypt traffic on a Wi-Fi network, including passwords, photos, credit card numbers and emails, putting you at risk of identity theft or monetary loss. In some instances, a hacker may be able to inject spyware, malware and ransomware into the websites you’re visiting.
KRACK attacks can range from bad to worse, depending upon the encryption protocols you’re using. In some instances, hackers would only be able to decrypt some or all of your traffic. In others, they would be able to gain complete control over your connection to forge and inject bad packets of data. With vendors slowly putting patches together for the flaw, it’s advised that you patch your software as soon as a fix is available.
Why Are IoT Devices Ideal Targets?
While laptops and mobile phones are likely to be safer from KRACK attacks thanks to security updates, your IoT devices might not be as lucky. Companies like Apple and Microsoft were particularly quick to release patches for the KRACK vulnerability, but so far only one major IoT Wi-Fi module manufacturer has updated their firmware to fix the exploit.
Since IoT devices take time to update, hackers will have a longer window of opportunity to target your microwave rather than your phone with the KRACK vulnerability. Furthermore, insecure communications would give hackers more motivation and make it a lot easier for them to compromise your smart home gadgets. So, it wouldn’t be a surprise if we get to see attacks on IoT devices in the coming weeks.
As we wait for patches to be released, the best thing we can do to protect ourselves from the KRACK Wi-Fi flaw is to make sure we always use HTTPS. Using a VPN is also a good idea, as it encrypts all your traffic. Keep in mind that the attack doesn’t retrieve the password of your Wi-Fi network, so changing it wouldn’t be much help.