You may have heard about the latest Wi-Fi vulnerability in the news called “KRACK” or “Key Reinstallation Attack.” This is a security flaw in the WPA2 protocol that could allow a third party to intercept network activity between a router and a device. It does this by taking advantage of a problem with the way the client (your mobile device or computer) authenticates with the access point (the router).
The first thing to keep in mind is that this is not a simple attack to perpetrate, so there’s no need to panic. It requires a “man-in-the-middle,” meaning the attacker has to physically place themselves between the access point and the client. On a wireless network, this alone isn’t difficult to do. However, the attacker would also need to have the same MAC address as the access point, and there can’t be two identical MAC addresses on the same network. The attacker would have to get around this by using a different Wi-Fi radio channel. This all means the attacker would have to be within radio range of everyone and impersonate both the access point to the client and the client to the access point.
It’s important to know that this vulnerability is all taking place on the client side — it is not a problem with routers. So it’s vitally important to keep your computers, smartphones, tablets, and other internet connected devices up to date. It’s not technically necessary to worry about the Wi-Fi access point, unless it’s being used in a mesh setup where a router would be acting as a client. Some routers actually have a checkbox in settings where you can disable it from functioning as a client. This will make sure the router is safe until a firmware update is issued.
By sheer coincidence, the way Microsoft and Apple implemented this Wi-Fi authentication protocol makes them less vulnerable. Even still, Microsoft has already issued a patch for it, and Apple has patched this in its public betas for iOS, tvOS, macOS, and watchOS. Android version 6.0 and above is vulnerable to this, but Google is said to be preparing patches for it. You can get a list of all of the firmware and driver updates in response to KRACK at bleepingcomputer.com.
This vulnerability is not good, but it’s also not the end of the world. You can protect yourself from it right now by making sure you’re using HTTPS sites in the browser, or by using a VPN (Virtual Private Network). There are many VPNs to choose from, but one of the best is from Tiny Hardware Firewall. The new Boudica THF is a small USB key that plugs into your laptop or a USB battery and acts as a Wi-Fi hotspot. Once you connect your devices to this, it will route all of your traffic through a VPN, which will protect you from a third party intercepting it.
For more information on KRACK, check out Steve Gibson’s explanation on Security Now 633.