Everything You Need to Know About the KRACK WiFi Vulnerability

Brief: what is KRACK and how citizens of the Maryland area can protect themselves against KRACK

Think your information is safe online? Think again. Researchers in Belgium have just discovered a vulnerability in WiFi encryption that allows hackers to exploit data that was once thought to be protected. Turns out, the encryption settings that are used on most websites have a serious design flaw that leaves your information easily exposed. Known as the Key Reinstallation Attack (or KRACK), the vulnerability allows hackers to easily “break” into almost any device by intercepting its network traffic.

So how does KRACK work? Essentially, the vulnerability takes advantage of a basic flaw in the WiFi Protected Access II (WPA2) protocol. In simpler terms, KRACK is able to steal a device’s encryption codes and allow hackers to hijack any given network. This means that hackers could potentially steal your online information, which includes your various passwords and credit card information, and in some cases even install spyware and malware into the sites you visit.

What makes this different from other vulnerabilities is the fact that the flaw appears to stem from the internet’s encryption settings themselves. KRACK isn’t just another software issue, it’s an internet issue. By tricking devices into reusing what is meant to be a one-time encryption key, hackers are able to easily decode almost any type of data packet that is sent through WPA2.  That means that any device that uses WiFi is potentially affected. Experts believe that Android and Linux devices are most at risk.

The good news is that most sites that deal with more sensitive information -- banking sites, commerce sites, etc. -- use a form of encryption known as SSL, which isn’t directly affected by KRACK. Now for the bad news. Experts warn that most IoT (internet of things) devices, which range from smart TVs to smart light bulbs, may be more at risk than your phone or computer. Because these devices typically take longer to undergo software updates, their encryption settings (if they have any at all), may be outdated.

If you have internet-connected devices at home, you may want to take the time to see how to update them. For a full list of affected devices, check here.

Fortunately, there are a few simple steps you can take to help safeguard your connections (and your privacy) in the wake of KRACK. First, take the time to make sure every internet-enabled device you own is using the latest software available. If you’ve been putting off updating your laptop or installing the latest OS update on your phone, now’s the time to do it. By keeping your devices up to date, you’re able to take advantage of the latest security patches, which are constantly being optimized to help seal KRACK and other security flaws.

Second, users are also encouraged to download VPNs to help encrypt their traffic. Short for virtual private network, a VPN is an easy and discreet app that can instantly anonymize a user’s online connection while providing an added layer of security. Because VPNs automatically reroute a device’s network traffic through another encrypted server, they’re able to prevent hackers from using the KRACK flaw to intercept connections.

Because Maryland is one of the top states for internet usage per household, making sure your devices are secure and are working properly is extremely important. If you haven’t already, take a few minutes to update your internet devices today.

1 people are following this post.
    1. Loading...