A security researcher has discovered a new vulnerability that affects literally all WiFi networks – and now that they know about it, it won’t be long before hackers know about it too.
The vulnerability, discovered by security researcher Mathy Vanhoef, lies within the WPA2 encryption used by all WiFi devices and routers. It’s called KRACK, which stands for Key Reinstallation Attacks.
By taking advantage of KRACKs, a hacker can snatch up data that we previously thought was encrypted and totally safe, including credit card numbers, passwords, messages in chat and email, and photographs. A hacker could even hack into your devices with cameras and get a live stream into your home.
They can also inject ransomware or malware into your device.
Security experts are urging all device makers and internet service providers (ISPs) to release updates to patch over KRACKs as soon as possible. In the meantime, there are a few suggestions for how you can protect yourself.
First of all, make sure all of your devices and routers are updated, and turn on auto-updates so that if any new KRACK patches come in, you’ll be sure to get them right away. If you got a router from your ISP, you should call them and bother them until they release a security patch for KRACKs.
In the meantime, use your router’s user guide to find the administrative options and make sure everything is up to date and that you have the strongest privacy settings selected.
If your ISP is slow to respond, you might consider using an Ethernet cable to connect to the Internet, since KRACKs are only a problem with WiFi networks.
You can also disable WiFi on your smartphone and use your cellular data instead – although this could get expensive if you pay extra for cellular. You should also pull you Internet of Things devices, especially ones with cameras and assistants like Alexa, off of WiFi until your ISP has a KRACK patch.
It also helps to access the web through encrypted websites whenever possible.
Many sites offer either unencrypted access (HTTP) or encrypted access (HTTPS). You can download an extension called HTTPS Everywhere that tells your browser to automatically use encrypted access whenever available.
It’s available for Chrome, Firefox, and Opera.
Lastly, be aware that Android devices 6.0 or later are more vulnerable to KRACKs attacks than other devices. Good luck, and keep your information from slipping through the KRACKs!