A “severe” security flaw with home WiFi networks has been reported that potentially puts anyone using a wireless router at risk of being hacked.
The Krack security exploit was discovered by Mathy Vanhoef, a cybersecurity expert at Belgian university KU Leuven, who will present his research at the Computer and Communications Security (CCS) conference later this month.
“We discovered serious weaknesses in WPA2, a protocol that secures all modern protected WiFi networks,” Vanhoef wrote in a blog post describing the vulnerability. “An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.”
So how did the standard encryption option for securing WiFi networks become so vulnerable to cyberattacks?
What is the Krack WPA2 hack?
WPA2 encryption is the standard option for securing WiFi networks. The flaw, if successfully exploited, could enable a hacker to spy on your data and gain access to other unsecured devices sharing the same WiFi network.
“In 2001, the WiFi security protocol WEP was cracked and it was soon deemed unsafe to use in order to keep your data and indeed networks safe from prying eyes,” Mark James, a security specialist at ESET, says in an email to Newsweek.
“Here we are 16 years later and it appears the seemingly trusted protocol WPA2 is going the same way.”
Am I at risk of being hacked?
The Krack WPA2 attack can be used against all modern protected WiFi networks and, by manipulating data, can also be used to inject malware such as ransomware into websites.
During his investigations, Vanhoef discovered that Android, Apple, Linux and Windows users are all affected by some variant of the attacks. The Krack attack method can be abused to steal personal and sensitive information, such as credit card details, passwords, messages, emails and photos.
A statement from Britain’s National Cyber Security Centre said that online retailers and banking services were still safe to use.
“The attacker would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites,” the statement said.
How do I protect myself from the Krack WPA2 hack?
The first thing to do is to avoid any public WiFi networks until patches have been issued, while also avoiding any websites that don’t use the HTTPS secure protocol.
If possible, connect your computer directly to the router with an Ethernet cable and install any updates that the router may require.
“This certainly highlights the need for additional safety precautions,” James says. “Always, where possible, password protect your network resource shares, even if you don’t think anyone else would normally access it—after all, it’s not the ones you know about that are the problem.”