A new exploit allows attackers to see information on Wi-Fi networks — information that was previously thought to be safe and encrypted. At the moment, any Wi-Fi devices you own are likely susceptible to these attacks.
The exploit is known as key reinstallation attacks (KRACKs), discovered by Security researcher Mathy Vanhoef and further detailed on krackattacks.com. The widely-used WPA2 protocol is vulnerable, and as the site notes in bold: “The attack works against all modern protected Wi-Fi networks.”
More On KRACK
In the attack, a hacker could exploit the “4-way handshake,” which takes place when someone attempts to join a protected Wi-Fi network. During this, a new encryption key is made to encrypt traffic. However, a step in the process allows a key to be resent multiple times, and this is where the exploit can take place.
Conceivably, an attacker could eavesdrop on any Wi-Fi traffic passing to and from access points. The United States Computer Emergency Readiness Team (US-CERT) has acknowledged the vulnerabilities. Although the vulnerabilities are within the WPA2 protocol, that doesn’t mean older protocols aren’t susceptible — as Vanhoef points out, “The attack works against both WPA1 and WPA2, against personal and enterprise networks, and against any cipher suite being used (WPA-TKIP, AES-CCMP, and GCMP).” Vanhoef urges users to stick with the WPA2 protocol.
Devices running Android and Linux are especially susceptible to a variant of the exploit, due to the nature of a particular Wi-Fi client often used on those devices. Vanhoef writes that 41 percent of Android devices are currently “vulnerable to this exceptionally devastating variant of our attack.”
What Comes Next
It’s not clear if any exploits are actually happening yet, as this attack has just been disclosed publicly. But as Ars Technica notes, “The vast majority of existing access points aren’t likely to be patched quickly, and some may not be patched at all.” At this point, it’s up to providers and manufacturers to issue proper security updates for their routers.
Luckily, any devices or access points updated with a proper security patch should allow users to prevent these attacks, and only one or the other needs to receive a patch. Meaning that if your computer or phone gets a proper security update, you should be able to avoid any possible attack — regardless of whether or not a router is susceptible. A patched router would work similarly with an otherwise-susceptible device.
It’s important to update your devices as soon as possible once security patches are released. But other than waiting for your vendors to issue such patches — something we hope to see within the next few days, if not hours — you should use encrypted HTTPS websites whenever possible. Using a trusted VPN could add another layer of security, as well.