Imagine a scenario you experience on a daily basis. For instance, imagine that the road to your home is spread through with thieves and you are walking there with a lot of valuables. What would you do? Panic and try to protect your valuables, right?
This is exactly what’s happening with us in the digital world. Wi-Fi , on which most digital devices rely for Internet connectivity, is no longer secure and anyone with the right know-how can easily access your private network and see your entire web activity. This spells doom for most Internet users.
However, there is still hope and you can protect yourself from such cyber threats. But first, you need to know what Krack is all about.
What Is Krack?
Krack is an abbreviation for Key Re-installation Attacks, which is a method developed to exploit the biggest weakness in the WPA or Wi-Fi Protected Access protocol.
Krack is not a virus or a malicious program that can be used to hack or to gain access to your network. It’s a method, by which networks based on the WPA protocol can be tricked into giving access to a third person without requiring the password at all.
The WPA protocol is omnipresent and nearly all the Wi-Fi routers today use this security protocol to provide safe and seamless network to authenticated users.
If your device supports Wi-Fi, it is most likely affected.
The mind behind this finding, Mathey Vanhoef has even gone to the extent of saying that if your device supports Wi-Fi, it is most likely affected, which clearly shows the severity of the situation.
How Krack Works?
Krack actually exploits the biggest weakness in the WPA security protocol to gain access to any device connected to a wireless network.
Each time a user or a device connects to a wireless network, it performs a 4-way handshake. During which, both the device and the network hardware or the router check for the correct credentials or, in this case, the Wi-Fi password.
Subsequently, as mandated by the WPA protocol, the devices negotiate fresh encryption keys during this handshake that allow the device to stay connected to the network.
Krack takes advantage of this weakness by intercepting the data during the 4-way handshake and forces the devices to reinstall their encryption keys and to rest their initial value.
Ideally, for the sake of a better security, a system should not reinstall keys that have already been used. But this weakness is found in the existing protocol, which reinstalls old keys. Thus, Krack can resend data, decrypt and even modify data in exchange.
In short, once Krack gains access to a network, it can intercept or read the data being exchanged, and even inject malicious codes or malware into the victim’s system.
Should You Be Worried?
As the researchers have rightly mentioned, any and all devices that support Wi-Fi can be affected by this threat.
Systems based on Android and Linux, however, are more vulnerable as they use a version of Wi-Fi client that is more susceptible to this threat.
As mentioned earlier, Krack forces a device to reinstall the encryption keys. But in the cases of Android and Linux, the system doesn’t reinstall the encryption keys. Instead, it installs zero keys.
Devices running Android 6.0 and lower are majorly at risk, however, newer devices also run the risk of being vulnerable to this attack.
This vulnerability is present in the entire WPA security protocol and any device using this protocol is at risk.
The good news: It’s hard for hacker to exploit
The good news is Krack is a wide but shallow bug: nearly every device that uses Wi-Fi is vulnerable, but the attack itself is difficult to execute and not as damaging as you might expect. Taking advantage of this bug would take a lot of preparation and a very specific target, which is very good news in the short term.
An attacker would have to be within Wi-Fi range to carry out any of those exploits, which dramatically reduces the risk that an average person will be targeted. Unlike server-side bugs like Heartbleed or Shellshock, there’s no way to carry out the attack over the internet at large. Hackers need to be physically present in range of a network
How to Be Safe?
The good news is that Krack is a legitimate workaround that has been done in order to highlight a big vulnerability in Wi-Fi security. However, after knowing things and, especially after knowing how easy it is to exploit it, crooks would quite possibly try to cash in on this opportunity.
Follow These Steps …
Make sure you don’t connect your devices to unsecured or free Wi-Fi networks. Most probably, there would be a bigger surprise waiting for you on the other side. This is probably a no-brainer but it never hurts to reiterate a few vital things.
Hop on the update bandwagon. In the following weeks, many device makers will be pushing out updates. Make sure you install each and every one of them to be secure as there is a fix available for this vulnerability but only the device makers can patch it.
Always look for the ‘HTTPS‘ sign at the beginning of the URL before carrying out any financial transaction. HTTPS is the first line of defense, which is removed by this vulnerability. Make sure you check the beginning of the page URL before hitting that submit button.
Always look for the ‘HTTPS‘ sign at the beginning of the URL before carrying out any financial transaction.