KRACK Attack

What Is KRACK Vulnerability And Its Impact?

The Recent KRACK Vulnerability Has KRACK-ed Wi-Fi Security!

What Is KRACK Wi-Fi Vulnerability?

The KRACK vulnerability has cracked Wi-Fi connection security. The exploit has left billions of devices and users across the world exposed and has opened new doors for hackers and data snoopers. While the real impact and fallout of this exploit will become visible in the coming days, for now, internet-enabled devices, especially IoT (Internet of Things) devices, remain more vulnerable than ever before.

So, how does KRACK actually work? It exploits a serious weakness in the Wi-Fi Protected Access II (WPA2) protocol, the wireless encryption standard used by just about every Wi-Fi device in the world. The security hole enables hackers to steal unencrypted data transmitted via the Wi-Fi network, even if the network is password-protected. The exploit doesn’t actually crack the victim’s Wi-Fi password, but rather replaces the encryption key to decrypt traffic on the network.
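An added illustration (not from the original article or from the KRACK researchers) of why a key reinstallation exposes traffic without revealing the Wi-Fi password: in this toy model, installing the in-use key a second time resets the packet counter, so two frames are encrypted with the same keystream. The SHA-256 keystream, the `Client` class and the sample frames are constructed stand-ins, not WPA2’s real cipher.

```python
import hashlib

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || block). A stand-in, not CCMP."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(
            key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical model of a Wi-Fi client: a session key and a packet counter."""
    def __init__(self, patched: bool):
        self.patched, self.key, self.nonce = patched, None, 0

    def install_key(self, key: bytes) -> None:
        # Patched behaviour: installing the key already in use changes nothing.
        if self.patched and key == self.key:
            return
        self.key, self.nonce = key, 0   # unpatched: counter restarts at zero

    def send(self, plaintext: bytes):
        self.nonce += 1
        stream = keystream(self.key, self.nonce, len(plaintext))
        return self.nonce, xor(plaintext, stream)

def simulate(patched: bool):
    """Return (nonce_reused, what an eavesdropper computes for frame 2)."""
    session_key = b"constructed-session-key"   # constructed sample value
    known = b"GET /index.html HTTP/1.1"        # predictable frame (constructed)
    secret = b"password=hunter2&user=al"       # sensitive frame (constructed)
    client = Client(patched)
    client.install_key(session_key)
    n1, c1 = client.send(known)
    client.install_key(session_key)            # same key installed a second time
    n2, c2 = client.send(secret)
    # The eavesdropper never learns session_key: c1 XOR known is frame 1's
    # keystream, which only matches frame 2's if the counter was reset.
    return n1 == n2, xor(c2, xor(c1, known))

if __name__ == "__main__":
    for patched in (False, True):
        reused, guess = simulate(patched)
        print(f"patched={patched} nonce_reused={reused} recovered={guess!r}")
```

With `patched=False` the second frame is recovered in full; with `patched=True` the counter keeps advancing and the same computation yields only noise.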


Because this is a vulnerability in WPA2 itself, nearly all internet-enabled devices are susceptible to the KRACK attack, regardless of the software they’re running. This vulnerability also exists in the earlier Wi-Fi Protected Access (WPA) and affects any cipher suite, such as GCMP, WPA-TKIP and AES-CCMP.

What Can’t a Hacker Do?

The good news is that KRACK attacks aren’t easy to deploy, as hackers need to be within range of the Wi-Fi network. Unlike other security vulnerabilities like Shellshock and Heartbleed, the attack can’t be carried out remotely. Therefore, taking advantage of this exploit will require time and a systematic approach.

What Can a Hacker Do?

The bad news? The KRACK vulnerability is very dangerous. It can be used by a hacker to decrypt traffic on a Wi-Fi network, including passwords, photos, credit card numbers and emails, putting you at risk of identity theft or monetary loss. In some instances, a hacker may be able to inject spyware, malware and ransomware into the websites you’re visiting.


KRACK attacks can range from bad to worse, depending upon the encryption protocols you’re using. In some instances, hackers would only be able to decrypt some or all of your traffic. In others, they would be able to gain complete control over your connection to forge and inject bad packets of data. With vendors slowly putting patches together for the flaw, it’s advised that you patch your software as soon as a fix is available.


Why Are IoT Devices Ideal Targets?

While laptops and mobile phones are likely to be safer from KRACK attacks thanks to security updates, your IoT devices might not be as lucky. Companies like Apple and Microsoft were particularly quick to release patches for the KRACK vulnerability, but so far only one major IoT Wi-Fi module manufacturer has updated their firmware to fix the exploit.

Since IoT devices take time to update, hackers will have a longer window of opportunity to target your microwave rather than your phone with the KRACK vulnerability. Furthermore, insecure communications would give hackers more motivation and make it a lot easier for them to compromise your smart home gadgets. So, it wouldn’t be a surprise if we see attacks on IoT devices in the coming weeks.


Final Word

As we wait for patches to be released, the best thing we can do to protect ourselves from the KRACK Wi-Fi flaw is to make sure we always use HTTPS. Moreover, using a VPN is a good idea as it encrypts all your traffic. Keep in mind that the attack doesn’t retrieve the password of your Wi-Fi network, and therefore changing it wouldn’t be much help.

Haris Shahid has a genuine passion for covering the latest happenings in the cyber security, privacy, and digital landscape. He likes getting out and about, but mostly ends up spending too much of his time behind a computer keyboard. He tweets at @harisshahid01


12 Comments
  1. dennis schoonover says:

    Thanks for the update. I will share this info with my business partners and friends.

  2. Kari says:

    A question. Our cable modem/router is also the WIFI modem. It is always on (wifi). I typically plug into the modem/router but the wifi is still broadcasting. Does that pose the same risk? I would not be trying to sign onto the Wifi, but one assumes it does open a door to the modem/router. Should the purevpn also be on while plugged here too to thwart KRACK?

    • PureVPN says:

      You have two options in this situation. You can either configure PureVPN on individual devices, since we provide 5 multi-logins with every account. In case of setting it up on the router, you will need to get another router. You will connect with your ISP modem and configure VPN on the new router and connect all the devices to the router, where PureVPN is installed. This way, your entire network will be protected.

  3. Adam says:

    Good email notification, even if it was a plug for PureVPN 😉

  4. James Shaver says:

    I was going to share this article, but there are too many typos to seem like a legitimate source. Let me know when they’re fixed, and I’ll share it.

  5. Dale Rizzo says:

    Is that why my VPN doesn’t work at all now? Every time I try to do a scan, I get the message “authentication failed”. (We have had a VPN account for more than one year). Any suggestions? The trouble-shooting area of your website is not very user-friendly. Thank you!

  6. Kalim says:

    So what’s the difference between this and aircrackNG? WiFi hacking is nothing new, plus aircrack will retrieve the password of said WiFi, which seems to be more than Krack can do?
