KRACK Hack Threatens Wi-Fi Security – What it Means for You

If you grew up before, or even during the 90s, you were familiar with a world of cords. A cord for the telephone, a cord for the CD player and a cord — of course — for the internet. But around the late 80s and early 90s, things started to change. Cashier systems gained a new feature called WaveLAN. By 1999, the Wi-Fi Alliance was formed and the standard for the vast majority of our communications today was firmly established.

Wi-Fi is easily the defining feature of our modern society. Wi-Fi is advertised in cafés, and friends share login passwords far too often. One of the reasons why Wi-Fi has grown so much in use — other than its massive convenience — is that it can be relatively secure thanks to two common features called “Wi-Fi Protected Access” and “Wi-Fi Protected Access II.” In a nutshell, it established the standard use of security protocols that massively increased the security around data packets and their transmission over wireless networks. The end result are secure Wi-Fi networks relatively free of eavesdroppers.

That is, until today. Cybersecurity researchers have developed a proof-of-concept attack — named KRACK — enabling theoretical baddies to intercept and decipher data, including passwords and messages, that should not be decipherable. It gets worse. According to Ars Technica, which broke the story late on Sunday, these theoretical baddies could also “inject ransomware or other malicious content into a website.” Meaning, a trusted website could appear to be offering a link or advertisement, which actually leads to malware or other malicious content.

Because this vulnerability deals with Wi-Fi standards, almost every device is vulnerable. But, given the proof-of-concept attack can only succeed under particular conditions, some caveats are in order.  (As a note, “proof-of-concept attack” is an industry term signifying this particular vulnerability was first discovered and tested in academic and-or industrial research environments and that no cybercriminal has used it to anyone’s knowledge thus far.)

First, we need to understand this attack affects the WPA2 Wi-Fi network standard, which is the more advanced version of WPA. Second, we also need to understand it exploits vulnerabilities in a “four-way handshake.” It’s complicated concept, but, in a nutshell, it ensures every device is what it says, through the use of specific keys that are shared through handshakes. It’s as if you were trying to get into a secret society but had to know four different secret handshakes in order to get through the door.

The problem with KRACK is that it essentially tricks its victims — in this case, computers, not users — into reinstalling a new, but already-in-use, key. It appears to send a signal to reset seemingly random figures to those that the attacker knows. By doing so, the attacker can infiltrate the club (in this analogy, your network).

Now, for those caveats I mentioned. In order for this attack to succeed, it has to be in range of a targeted Wi-Fi network. Meaning a cybercriminal would have to park outside your house for a while to successfully attack your network. While possible, it’s also very unlikely.

This attack also affects some operating systems (the software used to make your computer run, like Windows, Mac OS, Android) more than others. The most vulnerable operating systems are Linux and Android. Additionally, a targeted network must remain in place long enough for the attack to transpire (which can be as little as a few seconds). This means that large Wi-Fi networks can be attacked. It also means that connected devices are vulnerable as well.

So, what can you do to protect yourself? Well, it largely depends on how quickly manufacturers and software developers can release patches to fix these vulnerabilities. Still, there are steps you can take to protect yourself:

  • Update your device’s software. There will be a number of updates issued over the coming weeks and months, for phones and other devices, in order to address the vulnerabilities KRACK has exposed. Implement these updates as soon as you can.
  • Update your router’s firmware. Your router is going to the be the most critical device in securing your wireless network. Again, you’re largely at the mercy of how fast device manufacturers and software developers generate a patch. Check your respective device manufacturer’s website for the details and status of the KRACK patch.
  • Consider a VPN. If your employer has given you a device to work from, they’ve likely given you a VPN to use as well. A Virtual Private Network, such as McAfee Safe Connect, can help to secure and encrypt your data on public Wi-Fi networks. It can also help secure your data while patches are generated for this vulnerability. Be aware, however: router-driven security features, like those found in McAfee Secure Home Platform will not protect your wireless and IoT devices, as KRACK targets the data exchanged between routers and devices — only an update to router will fix this issue.

For more details on the KRACK vulnerability, check our these blogs by our McAfee Labs team. And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

18 comments on “KRACK Hack Threatens Wi-Fi Security – What it Means for You

  • Al Mitchell says:

    My Modem/Router manufacturer has this to say about KRACK vulnerability;

    On Oct 16th, the press reported the “KRACK” vulnerability that potentially affects every Wi-Fi enabled device that uses WPA/WPA2 security encryption.

    The KRACK vulnerability is targeting Wi-Fi “clients” (such as mobile phones, computers, tablets etc.) and does not specifically attack Routers or Access Points.
    A Router or an Access Point will only be affected if running in “AP Client mode” – this mode is not enabled in D-Link routers by default and very rarely used in D-Link Access Points.

    Since this vulnerability involves the core of the WPA/WPA2 operation, D-Link are working closely with, and awaiting updates from, Wi-Fi chipset manufacturers. Once they release updated code, we will incorporate this into new firmware for various devices that may be affected. To reiterate, it is critical to apply security patches to clients (computers, phones, tablets). Even after D-Link updates our own products, clients will remain exposed to this attack, unless they are patched with their own security updates to resolve this exploit.

    Any comments please?

    Reply
  • Bruce Johnson says:

    Ok , look I don’t know what all that gobbledeegook means just tell me how to protect my computer . Hell I remember when a 1 gb computer took a 10 x12 room

    Reply
  • AJ Gendelman says:

    Yes—I just went for it. Dispatched my 2 year old Motorola Router and went for (costing double) the new generation NETGEN-Night Hawk. A remarkable upgrade in performance, security and reliability. We need to stay with the latest to match the systems changes manufacturers are challenged with to try to stay with or maybe be just somewhat ahead of the bubble heads that make money by causing our systems to be hijacked.
    I don’t consider HACKING the correct Term. HIJACKING kidnappers TRAFFICKING REMOTE CLONES TO disrupt and steal our hard earned values. Industry hiring hackers? absurd….the cause of it all. 25 years in Leavenworth is more like it. Well I said my piece…how about you standing up to CONGRESS who lets this go on.

    Reply
  • Clearly people are focusing/blaming this on McAfee. This is wrong!! McAfee protects your computer, NOT YOUR ROUTER!! The way I see it is that McAfee didn’t have to tell their subscribers this information, but they did so as a courtesy. People need to take accountability for their own responsibilities to protect themselves from new threats. McAfee does a great job that is why hackers have changed tactics.

    Reply
    • What about using a network cable whenever possible? Does Krack just affect Wi-Fi or does it affect routers in general?

      Reply
      • KRACK specifically targets the WPA-2 protocol used for authentication in WiFi communications. A network cable connection should not be susceptible. It’s still a very good idea to update your Router’s firmware, though. Newer versions of the firmware will contain various fixes for any new issues the manufacturer discovers since the older version.

        Reply
      • However – using Ethernet isn’t going to work for your cellular/mobile device…I haven’t met the IPAD or Cell phone that has an Ethernet jack, nor have I seen the cable that allows Ethernet to convert through Micro-USB or USB(C) connector. So using cables will protect your Linux system – that was the most “at risk” PC OS. But as stated elsewhere…protecting your PC doesn’t protect your router

        Reply
  • Judy Skehan says:

    Being an older woman I feel like I am aware of this but sometimes I feel like I don’t know all there is to know to prevent from being hacked especially when I open some programs and I’m on Edge or yahoo I’ve had issues where a virus is coming through and I can’t do anything except take the battery out. Then when I plug in again I do a scan with McAfee and it states everything is O.K.
    It’s really bad when that we all have to be aware but I guess that’s the internet and I’m glad I am smart enough to realize the scams on the web, in email, on the phone and virtually anything you use anymore. Sure am glad I have McAfee. Judy

    Reply
  • ” a cybercriminal would have to park outside your house for a while to successfully attack your network. While possible, it’s also very unlikely.”

    What about landing a small drone on the roof? That would be a lot less obvious and more likely IMO.

    Reply
  • Terese Dempsey says:

    I am not sure I understand the purpose of this notice. I appreciate the information but does it mean that I will be protected or must I add this feature to my Mcafee protection. And if so, what is the cost of this program?
    Thank you.

    Reply
    • Hi Terese. Which notice are you asking about? The blog itself? or are you seeing a notice on your computer? If you’re asking about the blog, the best thing to do are the things the blog lists at the end in the paragraph that starts ‘So, what can you do to protect yourself?’ If you’ve got something happening on your computer, send us a tweet @McAfee_Help, or post to our Community (community.mcafee.com) for help.

      Reply
  • Though I didn’t get much of it, it was good to get something from McAfee which is not from its sales force.

    Reply
    • I suspect if you didn’t get much out of it, you’re probably one of the people who will end up with negative consequences when it finally gets around to being applied regularly. If you don’t understand Device jargon, why bother reading articles abut it?

      Reply

Leave a Comment

2 + thirteen =