Last month, in October, security researchers announced perhaps one of the biggest vulnerabilities discovered in the past decade. Say hello to KRACK, the clever acronym for what's known as the Key Reinstallation Attack. KRACK likely affects billions of home and enterprise Wi-Fi devices around the world, all because of a security flaw in the WPA2 protocol. That covers all modern devices that use WPA2, such as your smartphone and the access points that provide the Wi-Fi we all desire.
Open public Wi-Fi is not the only place affected
To exploit KRACK, an attacker would need to use software to listen to traffic between a person's device, a mobile phone for instance, and the Wi-Fi device it is trying to connect to. This can happen at your company office or at a busy international airport. To make it easier to take advantage of this vulnerability, the attacker needs the targeted wireless network to be broadcasting numerous data packets while others are intercepted or delayed, which is possible but can be difficult.
Realistically, the attack would be incredibly difficult against Windows and iOS devices, as no publicly available code exists to attack them. The attacker would need an incredibly high skill level to accomplish this, and would also need to be physically at the Wi-Fi base station. It's reasonable to assume that many people with that amount of skill would not place themselves in this situation when the alternative is a well-paid job in a secure career field.
Patch your devices
To fix this vulnerability you need to patch both ends of the connection: your device, such as your smartphone, and the wireless access point it connects to. Patching your router would be a good start. The best thing to do, if you haven't done it yet, is to check with your device manufacturers to see whether a patch is available, and to patch any of your devices that use WPA and WPA2.