It seems like every other day, we are hearing about some new hack or website attack that shows the vulnerability of different websites and network systems. But one recently hit the mainstream media, and for good reason.
The recent “KRACK Attack” has garnered this publicity because, rather than affecting one or two websites, it has the potential to affect almost every single wireless device connected to the Internet. As one University of Michigan computer scientist put it, “…we’re not just underwater. We’re under quicksand under water.” As we prepare to deal with this major security weakness, there are several things that you need to know about what this means for the average person and for the industry as a whole.
What do you mean, KRACK attack?
Recently, a security specialist named Mathy Vanhoef published a paper that addressed what he termed “weaknesses using key reinstallation attacks” or “KRACKs.” In it, he details how in July, he discovered certain products had vulnerabilities that could be compromised. He then turned this information over to CERT to help with notifying the vendors so that they could address it. This notification came at the end of August. After that, the vendors began working on patches and corrections for their devices before the story finally went public in October of 2017.
In a nutshell, this is a newly conceived attack that can be used to read data that was previously thought to be encrypted. That means everything from personal information like social security numbers to passwords, photos, and credit card numbers could be compromised by hackers. What makes this so scary is that it can be used on “all modern protected Wi-Fi networks.” Everything from your phone’s Wi-Fi connection when you are out in public to your school or office Wi-Fi is affected by this. It’s also not just your log-in information like username and password that is opened up by this; any information that you enter is vulnerable.
High-profile websites are at risk.
In fact, for his test run video, Vanhoef used Match.com as an example of a website that people put personal information on as an example of what could be compromised with this attack. That’s a lot of potential dangers for hackers to exploit. In addition to data being put at risk, the network is also at risk of having malware and ransomware placed on websites to infect other computers when they log in. Even websites that use HTTPS can be hijacked so that the hackers can transmit dangerous data to the computer user.
When we say that this is a widespread hack, realize that it is a vulnerability that has been found in WPA2, the standard protocol used in most modern secure Wi-Fi networks. Even if the Wi-Fi has been correctly set up and implemented, it is still vulnerable. The weakness is in the protocol itself and not in the device that is being used, but more on that in a second. Vanhoef discovered in his initial testing that the weakness affected Windows, Mac, and Linux systems as well as Android devices and Linksys, among many others.
Android users are particularly at risk.
Perhaps one of the scariest aspects of this is what Vanhoef used as his demonstration for this research. In the simulation, he replicated an attack on an Android smartphone and was able to decrypt all of the phone owner’s data. In fact, Vahhoef’s findings were that such a hack was particularly easy against Android and Linux systems. With those systems, virtually everything is up for grabs. Despite many high-profile celebrity phone hacks and this obvious security opening, most people still erroneously believe that computers are susceptible to hacking but cell phones are not.
The KRACK attack takes advantage of the WPA2 protocol’s 4-way handshake. Whenever a user tries to join a Wi-Fi network, the protocol checks to make sure that the user has the password for that particular network. This protocol also creates a new encryption key to ensure that all of the traffic from that point is encrypted. The KRACK basically makes the handshake repeat step 3 over and over again; it can therefore resets in the system by replaying these “cryptographic handshake transmissions.”
What should you do to prevent your Wi-Fi connection from being hacked?
First and foremost, you need to update any of your Wi-Fi devices such as your routers and access points. Those who are using your ISP’s router and not one that you purchased yourself should contact your ISP to see if they have a patch for the device. You can also disable the Wi-Fi on your router by plugging in a separate access point. That isn’t, however, the end of the problem.
If your phone or tablet tries to connect to a public Wi-Fi that has not updated their patches, then you are still going to be vulnerable. Because of this, you should update all of your devices that connect to the Internet using Wi-Fi. You should also set the auto-update feature on all of your devices so that you do not have to manually handle all of these.
When it comes to operating systems and corporate responses, Microsoft has already rolled out a patch for Windows 7, 8, 8.1, and 10. Apple is currently beta-testing patches for all of its operating systems and should have it available very soon. Unfortunately, the problem area seems to be Android devices, which may not see an update for several weeks, possibly even until the start of the New Year.
Now, more than ever, it is becoming apparent that devices previously thought to be secure are actually at great risk. It is no longer enough to simply respond to attacks as they happen and block them at that point. Instead, it is necessary to think like a hacker and find all of the susceptibilities that lie in a system so they can be prevented from being exploited. Now that this weakness has been revealed, many hackers will move on to the next target. But others will look to exploit the opening for those users who are not informed that their data is at risk.