KRACKs are in the news. McAfee has already discussed these key reinstallation attacks that affect Wi-Fi setups in two posts:
- “KRACKs Against Wi-Fi Serious But Not End of the World”
- “How KRACK Threatens Wi-Fi’s Security Underpinnings and What It Means for You”

Here are five observations that offer an easy-to-digest summary:

- Don’t panic! Remember this is currently only a vulnerability. We have not yet seen any attempts to exploit it. Attacks may come, but that will depend on how difficult the code is to implement and on the hacker community’s requirement that any attack be successful enough to give a return on the “investment.”
- An attack requires the actor to either be in close proximity or use an antenna large enough to both receive your Wi-Fi signals and send Wi-Fi packets to your router. This is a lower risk than remote exploits that can be conducted across the Internet, simultaneously affecting hundreds or thousands of devices.
- Not all wireless devices are equal. Smart TVs, set-top boxes, and other wireless digital streamers are unlikely to be considered high-value targets. For devices containing sensitive data, consider switching to a wired network.
- Although this potential attack vector does not benefit from weak site passwords or the router’s WPA2 password, a number of alternative vectors do exploit weak or default passwords. That danger has not changed. Your security is only as strong as your weakest link, so think broadly about your security rather than just focusing on the latest issue.
- A consistent security best practice is to keep devices up to date to offer protection against known vulnerabilities. That advice remains true in this case, too. If your vendor releases a fix, apply it.