The weakness was found in the WPA2 security protocol used by almost every modern phone, computer and router.
You use Wi-Fi every day — you may even be on it right this very moment — and that means the device you’re using is at serious risk of being hijacked.
Researchers have discovered a flaw in the security protocol that’s a fixture in almost every modern Wi-Fi device, including computers, phones and routers.
A weakness in the WPA2 protocol, meant to protect both wireless networks and devices, was discovered by computer security academic Mathy Vanhoef, and is being nicknamed “KRACK,” short for Key Re-installation Attack.
The bug ultimately could allow hackers to eavesdrop on network traffic — bad news for anyone sending sensitive or private information over a Wi-Fi connection. These days, that’s pretty much all of us, although this could hit businesses using wireless point-of-sale machines particularly hard.
Update all the wireless things you own
Good news! Your devices can be updated to prevent the KRACK vulnerability. Updated devices and non-updated devices can co-exist on the same network as the fix is backward compatible.
So you should update all your routers and Wi-Fi devices (laptops, phones, tablets…) with the latest security patches. Consider turning on auto-updates as well, because this won’t be the last vulnerability. Modern operating systems have become quite good at auto-updates. Some devices (ahem, Android) don’t receive a lot of updates and could continue to pose risks.
The key point is that both clients and routers need to be fixed against KRACK, so there are lots of potential attack vectors to consider.
In the case of KRACK, hackers would have to be within physical range of a vulnerable device to take advantage of the flaw, but if they’re in the right spot, they could use it to decrypt network traffic, hijack connections and inject content into the traffic stream.
Look to your router
Your router’s firmware absolutely needs updating. If the router was supplied by your ISP, ask the company when its branded kit will be patched. If they don’t have an answer, keep asking. You can check that your router is up to date in its administration panel: find the user guide for your ISP-branded router and follow the instructions to connect to the admin pages.
If your ISP is not quickly putting out a firmware update to fix KRACK, it may be time to consider switching your ISP. A less drastic option is to buy a Wi-Fi access point from a responsible company that has already issued a patch. Plugging that access point into your ISP router and disabling Wi-Fi on your ISP junk is a good alternative.
Here’s a list of some of the router makers that have already put out fixes (Ubiquiti, MikroTik, Meraki, Aruba, Fortinet…).