Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Don’t Panic Over the KRACK Wi-Fi Attack: The Rules Are the Same

October 23, 2017

As security analyst Graham Cluley noted in a recent post, Mathy Vanhoef discovered what may be the biggest vulnerability of the year – a flaw in the WPA2 protocol used to encrypt Wi-Fi communications.

As he says, "an attacker could exploit the vulnerability in WPA2's handshake protocols to intercept sensitive information such as passwords. At-risk devices include those running Android, Apple, Linux, OpenBSD and Windows operating systems."

Vanhoef describes the attack as being "exceptionally devastating against Linux and Android 6.0 or higher."

Cluley thinks, and so do I, that we shouldn't overreact. Much of the Web these days (and an increasing number of apps) uses HTTPS/SSL for encryption, which limits the opportunities for purloining information through the KRACK attack. Also, a hacker has to be within range of your Wi-Fi network to launch a KRACK attack against it. So you're not going to be attacked by someone on the other side of the globe.

Very importantly, Wi-Fi hardware vendors were told of the KRACK attack in July, long before it made headlines – and they have worked hard at developing fixes. There is a long list of advisories from many different vendors.

So, the most important rule remains the same. Keep your risk as low as possible by patching your devices as soon as security updates are released. And if you have a trusted VPN service, use it for additional protection.

Keep calm and carry on!

Hat tip to Dave Ries.

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson