Recent news reports have been full stories about a new WiFi exploit known as “The Krack” or “Key Reinstallation attACK.” This hack, or exploit, affected just about everyone, from cell phones to laptops, and including anything with a WiFi radio. Two questions you may be asking: What is “The Krack?” What can be done to prevent it?
What is The Krack?
Wireless Internet connections have always been more susceptible to malicious attacks than a wired connection. Very similar to how a radio station works, all your wireless information is floating through the air capable of being read by anyone with the tools to do so. The devices and instruments needed are becoming easier and cheaper to acquire. This hack works by allowing malicious users to inject themselves into the middle of your network signal, referred to as a “man in the middle” attack. They are then capable of intercepting the data as it transmits between your wireless device and your wireless radio (typically your cable or DSL modem/router). Every bit of data you send and receive is then accessible to them. When you log into your financial institution, for example, they can intercept your username and password without your knowledge. Since they can see every single bit of data sent and received, there would be nothing you could do online, while connected to WiFi, that they wouldn’t be able to see and record.
How Do You Protect Yourself?
Wireless Internet has gone through several versions of security protocols since its inception. The first version of this, WEP, or Wired Equivalent Privacy, worked for a while but flaws were abundant, and soon this method of wireless protection was replaced. If you are still using WEP for your wireless, you should update your hardware immediately. WEP is capable of being hacked in a matter of seconds using the equipment most people carry in their pockets today. WEP was replaced by WPA (WiFi Protected Access) and worked well for a while but was also found to have flaws that could allow intrusions to occur quite quickly. So, a newer version WPA2 became the standard that we still rely on today. That isn’t to say that WPA2 is unhackable. However, it is secure enough that hacking it would take so much time and expensive hardware it is undesirable to attempt in most cases.
Krack is Different from Most Hacks
It doesn’t attempt to attack the protocol itself, but rather the device connecting to WiFi such as your phone or laptop. There have been quite a few articles warning of the dangers, informing you to turn off all your wireless services and casting a lot of FUD around (Fear Uncertainty and Doubt). What you should know is that this exploit has a few hurdles to overcome. The person attempting this would need to be physically close enough to you to capture the radio signal, as most typical wireless signals can reach to a maximum of about 300 feet. Essentially, this means you can’t be hacked from across the globe using this exploit. Krack also takes advantage of unsecured sites. If you are visiting a website that starts with HTTPS:// instead of HTTP:// then there is another layer the hacker would have to break through.
Most sites today, especially those involving financial or other secure data, are using the more secure HTTPS:// protocol. In fact, Google has started rewarding websites that use the more secure version over their non-secure counterparts. So, it makes much more sense that if you have a site and it isn’t using a security certificate, you should add one (check with the company that handles your website) and it could help your results in search engines. If you have to visit sites that don’t use the more secure protocol, then check if your browser can handle the HTTPS Everywhere plugin/extension.
Thankfully, the people who uncovered this potential hack notified companies ahead of the public announcement, so many tech giants such as Microsoft and Apple already have updates, and other organizations are sending them out as soon as they are ready.
One more word of caution, with the proliferation of “Internet of Things,” or IoT, devices such as the Ring Video Doorbell, Amazon Echo, Google Home, smart outlets and lights, and your Nest style thermostat, many gadgets are attaching to your wireless. Some of these devices may never receive an update so replacing them with newer hardware or “layering” your network may be the only way to go. Network layering is much more complicated than the typical user would feel comfortable configuring so consult your trusted computer networking people on how to do so. QCBN
By Greg Hicks
As always, we want to hear your feedback and questions. Send them along to questions@tekcw.com.
Leave a Reply