Forbrukslån svar på Dagen | Tietokoneen Hiiri | Alle Kredittkort | Billig Strøm 2018 | Beste Tyverialarm 2018 | Vardia Forsikring Erfaringer | Billigste Mobilselskaper | Billigste Bredbånd 2018
CriticalFeaturedSecurity

KRACK in Wi-Fi security: What you need to know

 

Wi-Fi is everywhere, and you’re on it all the time. Get your guard up.

A newly revealed Wi-Fi weak spot puts just about every device at risk, from your work computer to the phone in your hand and the laptop you tote to the coffee shop.

What’s especially frustrating is that a potential attack, called KRACK, would slip in through a vulnerability in a fundamental security protocol.

What happened?

A researcher in Belgium named Mathy Vanhoef stumbled across a problem in the code behind WPA2, a protocol that makes wireless connections work in practically every device. The flaw means that all devices are vulnerable to hackers who want to pick up on all the internet traffic flowing in and out of laptops, phones, smart home devices and anything else with a Wi-Fi connection.

Why the name KRACK?

It’s short for “Key Reinstallation Attack.” It refers to the trick Vanhoef found could be used to open up your internet traffic to hackers, which forces a device to repeat sensitive information to establish an internet connection.

Is it as bad as it sounds?

The good news is that a hacker has to be nearby to carry out an attack that takes advantage of this problem. The bad news is that a hacker could carry out the attack on virtually anything nearby with a Wi-Fi connection. Your devices are likely vulnerable.

What’s the best way to protect myself?

The most important thing you can do is update your devices as patches become available. Second, you’ll want to consider patching your router firmware if the manufacturer doesn’t update it for you automatically. Here’s a more thorough list of steps to take to secure yourself, and here’s list of every patch that’s been released so far from ZDNet.

Can’t I just change my Wi-Fi password?

You can change your passwords as an extra protective measure — but this is the least important step. Even though your instinct might be to change your passwords right away, it won’t block out hackers who know how to use KRACK.

Can other people’s unpatched devices make me unsafe?

Even if you patch your Android phone and your home router, you could be vulnerable if you connect your phone to another unpatched router. On the plus side, Vanhoef found that routers are harder to attack than phones and other devices. For the time being, the safest thing to do is to avoid using Wi-Fi on your phone if at all possible.

Does turning off phone Wi-Fi protect you, or are the cellular networks vulnerable?

Cellular networks are not affected by KRACK. Still, if you want to really turn off Wi-Fi, have at it. On Android devices, that’s pretty straightforward. In an iPhone or iPad that runs iOS 11, you’ll have to go to Settings to do so. Turning off Wi-Fi from the control center (that little panel of buttons that appears when you swipe up from the bottom of your screen) doesn’t turn iti all the way off.

Is HTTPS at risk?

Many websites — the ones that start with HTTPS — put an extra layer of encryption on your internet traffic to keep it scrambled up as it travels to its destination. The KRACK attack doesn’t break this encryption, so it could help secure your data. However, Vanhoef said, HTTPS alone might not be enough to protect your data if a hacker uses KRACK to read your internet traffic, considering the number of times hackers have found ways to break the encryption.

When will companies starting patching?

Windows customers are already protected if they installed software updates released last Tuesday. Google has said it’s aware of the problem and will be releasing any patches necessary in the coming weeks. Amazon is also looking into what patches are needed. Router manufacturers Linksys and Netgear both said they are aware of the problem; Netgear has begun putting out patches.

Apple and Samsung products are at risk, and neither company has responded to requests for comment on when updates will be available.

Do attackers need to have physical/local access to your network, or can they do so remotely?

Hackers must be near your device to use this attack. This significantly cuts back on the breadth of attack a single hacker can carry out at once. However, the weakness is currently so pervasive that Vanhoef said everyone should assume all their devices are affected and vulnerable.

 

Show More

Stephen

Stephen Turner, the Director of Operations for predictiveIT, has spent the past 22 years involved in the technology realm and security. Stephen began his career in the United States Marine Corps as a Crypto Technician, before moving into the private sector. He has worked all facets of the Information Technology world including administration, security, consulting, project management, Director of Cyber Security and as a Chief Information Officer for nationwide organization where he was responsible for architecting the security infrastructure during the migration of the organization’s entire data center to the “cloud”. Stephen has trained as a Certified Ethical Hacker, Certified Information Systems Security Professional and as a Red Hat Certified Architect with a focus on Linux security.
Close

Adblock Detected

Please consider supporting us by disabling your ad blocker