If you are reading this article on a device connected to Wi-Fi, then chances are that Wi-Fi network is vulnerable to the new KRACK attacks that can allow hackers to exploit this weakness and hack your network. The vulnerability is found in the WPA2 protocol, which is used to protect all Wi-Fi networks today.
The vulnerability that has been discovered by Mathy Vanhoef allows hackers to utilize the KRACK or key reinstallation attacks to gain access to data that is being transferred from a device through the Wi-Fi network, after data transmission has been decrypted. The attacker only needs to be in the range of the victim to be able to take advantage of this vulnerability. These attacks can be used to attack private as well as public Wi-Fi networks.
Using this complex hack attackers can intercept the signals and gain access to information like credit card numbers, account passwords, user’s personal data and more. However hacks can be prevented if the website data being transmitted to and from uses HTTPs. They can even manipulate data and insert viruses into devices that are connected to the affected network.
The vulnerability is found in the Wi-Fi standard, so it most likely affects all modern routers that are in use today. This also means that any device that uses Wi-Fi including your iPhone, iPad, Mac, Watch, bulb, toaster and the list goes on, can be affected by this vulnerability.
The good news is Apple and other companies can fix their platforms and devices with a software update and make them safe even when the Wi-Fi network they are connected to is compromised. Microsoft has already released a fix for this vulnerability in its latest update for Windows, and Google is expected to release one in the coming weeks. Apple shouldn’t be far behind as well.
Until a patch arrives it is advisable for users to avoid public Wi-Fi networks, use VPN and use Wired Ethernet connections when possible.
For those interested, here is a demonstration by Vanhoef in which he bypasses WPA2 against Android and Linux using KRACK attacks.
