KRACK Attack - A Brief Overview

18/10/2017 14:12

What is a KRACK attack?

The KRACK attack works against all modern WiFi networks, whether they have been configured securely or not. The attack allows an adversary to break the encryption on your wireless network and capture unencrypted data flowing between your wireless device and the internet.

How does the KRACK attack operate? 

In certain circumstances, the attacker can inject their own data into the intercepted connection. However, there are two reasons why this is not as terrible as it first sounds:
  • Most data that flows across the internet is already encrypted, for example internet banking. You can see if a website you are browsing is encrypted by looking at a padlock symbol in the address bar or for the letters https in the address.
  • The attacker needs to get close to you and your wireless access point in order to exploit this vulnerability.

How to protect your network against KRACK attack.

Because the vulnerability is in the WPA2 protocol itself, it affects a wide range of devices from many vendors. The best way to protect yourself is by installing the latest updates on your wireless devices. The impact can be further mitigated by updating your wireless access points or broadband router. 

What do I need to do?

  • Stay up to date with updates for your devices.
  • Update the firmware on your wireless access points and/or wireless router.
  • If no updates are available, use a wired connection (and complain to your device vendor).
  • If you cannot use a wired connection, use a VPN to protect your traffic.
  • If OpenIP maintain your wireless infrastructure, updates will be rolled out once they have been released by the relevant vendor, and we have tested them. We will be in contact to arrange maintenance windows as required.
Posted in News By Just Firewalls