You Can’t Stop the KRACK Hack, but Here’s How to Protect Yourself

Published: October 17, 2017 - 3:52pm EDT


The tech world is abuzz with recent news that essentially every Wi-Fi device on the planet is at risk from hackers, and there’s absolutely nothing we can do about it; cue panic in the streets and everyone throwing their smartphones into dumpsters. But there’s really no need to panic about the KRACK hack – yes, it’s alarming, and your devices are potentially at risk, but there are ways you can still protect yourself, and a simple solution looms in the near future.

We’ve got the scoop on what the KRACK hack is, and what exactly it means for you and your devices. We’ve also got the answer about how it will be fixed, as well as tips for staying safe in the meantime while you’re still connecting to Wi-Fi networks.

We’ll be updating this post in the coming weeks with information about the available updates, and new ways to protect yourself, so be sure to come back to check on the status of your OS update.

What is the KRACK hack?

The KRACK hack is a publicly revealed vulnerability in all devices that use Wi-Fi. It lets an attacker step in at the moment a secure connection is being set up and gain access without needing the proper encryption key. KRACK, or “Key Re-installation Attack”, gets past the WPA2 protocol by using key re-installations to trick the network.

When connecting to a Wi-Fi network, a so-called “four-way handshake” takes place, which matches the credentials of the network and the device attempting to connect. The KRACK hack takes place at this moment by re-installing a network key that was previously verified, meaning the Wi-Fi network believes that the connection is valid. Instead, however, the victim is now a sitting duck on a malicious network where an attacker can intercept all their information.

This problem was discovered by Mathy Vanhoef, who has performed numerous attacks on demo devices, including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, all of which are affected by some form of the attack. Android and Linux-operated devices were determined to be more vulnerable than others, with the attackers being able to consistently decrypt all available data on the device over time. However, any device that uses the WPA2 protocol to connect to a Wi-Fi network is vulnerable.

Mathy Vanhoef attack on an Android smartphone

Essentially, the attacker runs the KRACK hack and forces the victim’s device to connect to a malicious network, tricking it while it is attempting to connect to the Wi-Fi network that the victim believes to be secure. During this process, any information that is transmitted over the network is vulnerable, as the attacker would be able to access it. This ranges from things as simple as a basic Internet search, to the exact passwords you enter in a login screen, to your credit card numbers.

What the KRACK hack really means for you:

The KRACK hack isn’t an actual “hack” in the sense that your device has already been accessed and your personal information is currently at risk. However, the discovery of this problem means that every person who uses the WPA2 protocol, which is the key that allows secure connections on Wi-Fi, is potentially at risk until their devices are updated with a patch that fixes the problem.

KRACK attack accessing a username and password

In short, your devices that connect to Wi-Fi are all at risk, as is any information that is connected to your device, and what you have done while on your Wi-Fi network. This can include:

  • Stored and saved information
  • Passwords
  • Documents
  • Financial information
  • Photos and videos
  • Personal information (addresses, phone numbers, etc.)
  • Social Security Numbers
  • Credit card numbers

And unfortunately, much more.

How to fix the KRACK hack and protect yourself

Until your device manufacturer offers the next update with a patch to fix this problem, unfortunately, there is nothing you can do to prevent yourself from becoming vulnerable. The only viable solution is to make sure you run an update on your Wi-Fi compatible devices, as soon as one is available.

Because of the potential security risk, device manufacturers are likely to update the OS of your device quite soon, especially because some devices are more at risk than others. Make sure to follow up with customer service at your OS company if the next OS update is too far away and you’re concerned about your safety. Google is reportedly planning on rolling out a patch in the coming weeks, but it’s important to follow up, especially if you have an older device, as these devices will likely be the last to receive a patch.

In the meantime, however, there are quite a few things you can do to protect your privacy while on a Wi-Fi network.

Best practices for protecting your Wi-Fi privacy

1. Never connect to an unfamiliar network without encryption.

Just don’t do it! Unless you’re in an emergency situation and absolutely need to access the Internet, don’t join public networks that aren’t protected. Wait until you get home! These networks are notoriously unsafe because they allow so many people to connect at once. With enough know-how, a hacker could gain access to the information you’re sending out online in a matter of seconds, so think before you join an unsafe network – is checking your Facebook newsfeed because you’re bored really worth compromising your personal information?

2. Use Wi-Fi in private (in your home) whenever possible and limit your public use.

This makes it much more difficult for a hacker to access your network, because they would need to be within range of your Wi-Fi network to intercept your information. In your home, it’s very unlikely that you wouldn’t notice this. In the local coffee shop or out at the mall, however, anyone sitting around you is within range and poses a potential threat.

3. Think carefully about the information you’re putting out there.

Though Wi-Fi is extremely convenient and allows you to do things you may never have been able to do before, that doesn’t mean you always should. A browser-based password protector that stores every password you use might be helpful for the forgetful mind, but if someone ever gained access to it, so much of your information and personal data would be at risk. Think carefully about what you’re putting out into the digital world, and always think before you act online – just as you would in your real life.

4. Regularly change passwords and limit the information you store on your device.

It’s so important to limit what you’re storing on your device. Use an external hard drive to remove files, images, and other information on your device that you don’t need. You also need to regularly change your passwords; this includes your Wi-Fi password (obviously), but it’s also important to change your account passwords at least once every 3-6 months. If you’re still using your password from age 14, something is wrong. Try a secure password manager if you have difficulty keeping track of all your passwords.

Key takeaways from the KRACK Hack

(Pun certainly intended), but here are the main things to take away from this incident:

  1. Don’t panic – there is no evidence to support the idea that malicious hackers were aware of this issue prior to now. Vanhoef’s attacks were all done for academic purposes; they help to identify flaws, and keep Wi-Fi users ahead of the hackers.
  2. Patch your device – the only way to solve this problem is to follow what’s going on with your OS company, and find out when they are offering a patch. Once it’s available, update your device immediately to protect yourself.
  3. Chances of a hack on you are slim – though in theory anyone could be attacked, it’s not likely that you will be. In addition, an attacker would have to be within range of your Wi-Fi network to intercept any of your information.
  4. Some things are more susceptible than others – Android and Linux devices are currently the most at risk, as is any information you transmit over a website that is not SSL-encrypted; or, as was made clear in Vanhoef’s demonstration, any website that has improper SSL encryption.

 

If you want to see the study done by Mathy Vanhoef, including his short video demonstration of running an attack on an Android smartphone, visit www.KRACKattacks.com.

Now you know the risks posed to you, and know exactly what you need to do to protect yourself in the future. Be sure to update your device right away, and always stay up-to-date on the best ways to keep yourself safe while using technology. We have plenty of other helpful articles on that subject on the rest of our website at TechBoomers.com, including other articles on Internet safety and privacy.
