Public Wi-Fi hotspots, the most commonly used source of internet access, have been hit by the latest threat, known as KRACK, which is short for Key Re-installation Attacks. The attacker targets wireless networks that use WPA or WPA2 security encryption. KRACK takes advantage of a particular security flaw in the WPA2 wireless security standard, allowing attackers to access personal information and to insert malware into websites the user visits. This was first reported by Ars Technica. In this way, attackers are able to get access to encrypted information like users’ usernames, passwords, credit card data, etc. KRACK works by tricking the wireless access point into re-using an encryption key that was already used. This allows the attacker to decrypt and access any information on the network that was meant to be encrypted.
Fortunately, companies have already started fixing this flaw to prevent these types of hacks from happening again. However, on the user’s side, devices have to be updated for this fix to take effect.
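Why re-using a key exposes traffic, and what the fix changes, shown as an added example that is not part of the original article or any vendor's code. It goes beyond the text by modelling the per-frame packet counter that a key re-installation rewinds; the Link class, the sample frames and the HMAC-based toy keystream (a stand-in for the real Wi-Fi cipher) are assumptions made for illustration.

```python
import hashlib
import hmac

KNOWN = b"GET /index.html HTTP/1.1"    # constructed frame an observer could guess
SECRET = b"password=hunter2&user=al"   # constructed frame meant to stay private

def keystream(key, counter, length):
    """Toy keystream from HMAC-SHA256 (assumption: stands in for the Wi-Fi cipher)."""
    out, block = b"", 0
    while len(out) < length:
        msg = counter.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Link:
    """Hypothetical encrypted link: each frame needs a fresh (key, counter) pair."""
    def __init__(self, hardened):
        self.hardened, self.key, self.counter = hardened, None, 0

    def install_key(self, key):
        # Patched behaviour: re-installing the key already in use is ignored,
        # so the packet counter is never rewound.
        if self.hardened and self.key is not None and hmac.compare_digest(key, self.key):
            return
        self.key, self.counter = key, 0   # unpatched: counter restarts on every install

    def send(self, plaintext):
        self.counter += 1
        return self.counter, xor(plaintext, keystream(self.key, self.counter, len(plaintext)))

def run(hardened):
    """Send two frames with the same key delivered again in between."""
    key = bytes(range(32))                # constructed sample key
    link = Link(hardened)
    link.install_key(key)
    first = link.send(KNOWN)
    link.install_key(key)                 # key re-installation
    second = link.send(SECRET)
    return first, second

def secret_exposed(hardened):
    """True if XORing the two ciphertexts with the known frame yields the secret."""
    (_, c1), (_, c2) = run(hardened)
    return xor(xor(c1, c2), KNOWN) == SECRET
```

On the unpatched link both frames are encrypted under counter 1, so the keystream cancels out; on the hardened link the second frame uses counter 2 and nothing is exposed.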
“Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by some variant of the attacks,” said the researchers who discovered the vulnerability.
How to fix it
The simplest way to fix this issue or prevent it from happening is to update your device, or to wait until your operating system’s manufacturer releases an update and then install it. On October 10, Microsoft released a software update for supported versions of Windows which fixed this issue before it affected users. According to 9to5Mac, Apple announced that its upcoming software update for all its devices will patch the issue. More updates for different operating systems are also expected to be released very soon.
The US Computer Emergency Readiness Team (US-CERT) compiled a list of the manufacturers that have been notified of the KRACK issue, showing whether or not they provided any information regarding updates or updated devices. Users should check whether their wireless router’s manufacturer is on the list and, if so, follow the instructions to update their routers to avoid being a victim of KRACK.
Users also should avoid using public wireless networks as much as they can and continue using WPA2 encryption on their devices as it is still considered the most secure option available.