KRACK Attack Is Dangerous But You Can Mitigate The Threat

KRACK Attack

The KRACK attack vulnerability exploit attacks, which basically put anyone using WPA wireless security potentially at risk, are all over the news because this can have very bad consequences. If a hacker uses this attack successfully against a wireless access point (i.e. a router) to which you connect wirelessly it is likely you are doing so with a WPA or WPA2 key (meaning a password), and that infrastructure is what can be compromised. Your password, no matter how strong it might be, has nothing to do with this threat and changing it would have absolutely no effect on the attack. KRACK is an abbreviation for Key Reinstallation Attack and what the means is the wireless attacker is not after your password but rather the last key involved in an otherwise invisible four way handshake between wireless device and wireless router. iOt devices as well as older Android devices are likely the most vulnerable but there are some saving graces and this demonstrates that the KRACK attack is dangerous but you can mitigate the threat in many cases.

The vulnerability exists in the WPA2 (IEEE 802.11i Standard) which was implemented in 2004. Think about that for a second. After 13 years I don't think it's surprising that this vulnerability has now been exploited. The wireless attacker is able to essentially replace the last key used to verify between wireless router and client without allowing it to be known so it actually mimics the verification process and makes the connection appear legitimate. Now the wireless attacker is in. Still doesn't know your password, but he or she is in and able to read data being transferred across the wireless network without actually connecting to it. That person can work effectively from outside the box and steal passwords etc. so what needs to happen now is that all manufacturers of affected devices who have not already done so must issue patches for this vulnerability ASAP.

What You Can Do About The KRACK Attack

Rest assured that Microsoft has already issued patches as have others and Google will be reportedly issuing patches forthwith (well, within a couple of weeks) for some Android devices but older devices are another story as patching those and other older devices does require a bit of reverse engineering and can take time. iOt devices are another story again because there are so many different types and different manufacturers. What you can do about the KRACK Attack is make sure you do update any devices when a patch is available, only visit SECURE websites such as this one where the URL begins with HTTPS, and consider using a VPN if only for a time. KRACK down on the KRACK Attack before it cracks down on you.