If you use wifi in any way, here are six things to note:
- KRACK is a far-reaching security and privacy vulnerability revealed just today. It’s unlikely your wifi is secure yet.
- This is a very capable bug, so don’t underestimate the seriousness of this matter.
- “The attack works against all modern protected Wi-Fi networks.”
- “It appears almost any device that uses Wi-Fi is affected.”
- You “may want to be wary of using Wi-Fi at all until patches are widely rolled out.”
- “It’s more urgent for general users to patch their personal devices, whether phones, PCs or any smart device, be they watches, TVs or even cars.”
Some measures to take while you wait for updates to your wifi network
For those users whose routers, PCs and smartphones don’t yet have updates, there are some measures they can take to protect their online privacy. Virtual Private Network (VPN) software could protect them, as it will encrypt all traffic. Using only HTTPS-encrypted websites should also benefit the user, though there are exploits that can remove those protections. Changing the Wi-Fi password won’t prevent attacks, but it’s advisable once the router has been updated.
OK, now that I have your attention, here are portions of my source:
It’s time to get patching again. Another widespread vulnerability affecting practically everyone and everything that uses Wi-Fi was revealed on Monday, allowing hackers to decrypt and look at everything people are doing online.
Researcher Mathy Vanhoef, from Belgian university KU Leuven, released information on his hack, dubbing it KRACK, for Key Reinstallation Attack. Vanhoef’s description of the bug on his KRACK website is startling: “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
[…]
As for how widespread the issue was, it appears almost any device that uses Wi-Fi is affected. “The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by some variant of the attacks,” explained Vanhoef.
[…]
For that reason, users may want to be wary of using Wi-Fi at all until patches are widely rolled out.
[…]
Note that devices such as laptops and smartphones will require updates as well as routers. Indeed, Vanhoef said it’s more urgent for general users to patch their personal devices, whether phones, PCs or any smart device, be they watches, TVs or even cars. He recommended users get in touch with the relevant vendors to find out when patches are coming.
Read more of that article here: Update Every Device — This KRACK Hack Kills Your Wi-Fi Privacy.
The graphic is a screen capture I took from a UK Telegraph piece on the same subject: Every Wi-Fi network at risk of unprecedented ‘Krack’ hacking attack.