
How to Stay Protected Against KRACK in 2021 (Safety Guide)

What is KRACK?

KRACK is an acronym for Key Reinstallation Attack. The vulnerability was discovered by Mathy Vanhoef, a postdoctoral researcher at the Catholic University of Leuven in Belgium. It is a very clever attack targeting the WPA2 protocol, which is the latest standard and is considered to be very secure.

KRACK targets a vulnerability in the protocol specification, so almost all Wi-Fi routers used in homes, corporations, government organizations, etc. are vulnerable.

How does the attack work?

The KRACK attack targets the third stage of the four-way handshake in the WPA2 protocol. This four-way handshake is how the router connects to the internet.

When the client and router communicate, they use a unique cryptographic key that changes with every connection and every device. This is so other devices cannot hop on the same connection, even if it’s on the same network.

However, in order to optimize the communication and minimize connection problems, the protocol allows and recommends the reuse of a cryptographic key numerous times if the router doesn't receive an acknowledgment from the client. The KRACK attack takes advantage of this and captures the one-time cryptographic key. It then retransmits the key over and over again, which forces the client to reset the packet counter.

By comparing the encrypted text before and after sending the key, the attacker can figure out the overall session key. From there, attackers can do many things, like sniff the traffic (similar to a man-in-the-middle attack), install malware (such as ransomware or a Trojan), and trick the user into connecting to a secured website without HTTPS (although properly configured websites are not affected by this).

The good news is that the attacker needs to be in the physical vicinity of your router in order to perform this stunt, so there’s less of a chance of it happening to your private home. This, however, should not undermine how important it is to take precautions.

What devices are affected?

Any device which uses Wi-Fi with the commonly configured WPA2 protocol is at risk. However, some operating systems are more prone to the attack than others.

Android and Linux systems are extremely vulnerable to the KRACK attack because of their implementation. In those scenarios, the attacker can force the communication to use an all-zero encryption key, rendering the security useless. Windows is comparatively immune to this attack, and Apple has already started rolling out patches for it.
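The following simulation is an added example, not code from the original article or from the KRACK research. It models the two behaviours described above: a client that reinstalls the key and resets its packet counter when message 3 of the handshake is retransmitted (so the same keystream is reused for two different frames), a client that installs an all-zero key on reinstallation (the Android/Linux case), and a patched client that simply ignores a retransmitted message 3. The keystream function is a constructed HMAC-based stand-in for AES-CCM; the key, frames and class names are assumptions made for the example.

```python
import hashlib
import hmac

PTK_LEN = 16  # constructed toy key length


def keystream(ptk, packet_number, length):
    """Toy CCMP stand-in: keystream derived from (key, packet number). Same inputs => same keystream."""
    out = b""
    block = 0
    while len(out) < length:
        msg = packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(ptk, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Client side of message 3 handling: install the pairwise key and reset the packet counter."""

    def __init__(self, patched, zero_key_bug=False):
        self.patched = patched            # patched: never reinstall an already-installed key
        self.zero_key_bug = zero_key_bug  # models the all-zero key behaviour the article describes
        self.ptk, self.installed, self.packet_number = None, False, 0

    def on_message3(self, ptk):
        if self.installed and self.patched:
            return                        # fix: ignore the retransmission, counter stays untouched
        if self.installed and self.zero_key_bug:
            ptk = bytes(PTK_LEN)          # key memory was cleared after first install, so zeros get installed
        self.ptk, self.installed, self.packet_number = ptk, True, 0  # counter reset means nonce reuse

    def encrypt(self, plaintext):
        self.packet_number += 1
        return self.packet_number, xor(plaintext, keystream(self.ptk, self.packet_number, len(plaintext)))


def simulate(patched, zero_key_bug=False):
    """Send one frame, receive a retransmitted message 3, send a second frame. Returns both frames."""
    ptk = hashlib.sha256(b"constructed session key").digest()[:PTK_LEN]
    client = Supplicant(patched, zero_key_bug)
    client.on_message3(ptk)
    pn1, c1 = client.encrypt(b"GET /login HTTP/1.1")
    client.on_message3(ptk)               # retransmitted message 3 (the step KRACK replays)
    pn2, c2 = client.encrypt(b"password=hunter2xyz")
    return {"nonce_reused": pn1 == pn2, "c1": c1, "c2": c2, "key": client.ptk}


if __name__ == "__main__":
    for name, kw in [("vulnerable", {"patched": False}), ("patched", {"patched": True}),
                     ("zero-key", {"patched": False, "zero_key_bug": True})]:
        r = simulate(**kw)
        print(name, "nonce reused:", r["nonce_reused"], "all-zero key:", r["key"] == bytes(PTK_LEN))
```

In the vulnerable run the XOR of the two ciphertexts equals the XOR of the two plaintexts, which is exactly the keystream reuse the article refers to; in the patched run the counter keeps advancing and that relation no longer holds.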

How can I stay protected against the attack?

Many think that changing your Wi-Fi password can prevent this vulnerability, but it actually does not make a difference. Here are a few ways that you can stay protected from the risk of being attacked by someone:

  1. Stop using Wi-Fi: Although this may sound too dramatic, this is one of the best possible solutions until an update is implemented. In general, use cellular data on your smartphone rather than Wi-Fi, especially on Android devices, and avoid using Wi-Fi in public places such as coffee shops, airports, etc.
  2. Stick to HTTPS: The data transmitted via HTTP can be very easily sniffed and read in plaintext. You should stick to HTTPS websites, especially if you're revealing sensitive information or doing online transactions. Note that the attacker can trick you into using HTTP even for a secured website, so you have to manually confirm it by checking the green HTTPS label in the URL bar.
  3. Use a VPN: Using a VPN will definitely provide a more reliable way of countering the attack, as it provides a straight point-to-point secured communication channel between the client and server. Using a VPN protects you from other threats too, so it's highly recommended.
    Keep in mind that DNS requests can still go outside the VPN network. To prevent this, you must select a VPN provider which also gives you a built-in DNS server. Not to mention that the VPN provider you choose must be trustworthy and reliable, as it has the capability to monitor your complete traffic. If possible, use a paid VPN service rather than the free providers, as there are known instances of them selling client data. (Below are the best and most recommended VPNs to use against the KRACK attack.)
  4. Update your devices: This is the most important and reliable solution. Your device manufacturer will, eventually, roll out the fix to this vulnerability, and you should update the device as soon as you get one. This will fix the problem at the root. So keep an eye on the updates and read those release notes this time. However, not all manufacturers are that fast, and chances are that many devices will never receive an update. You need to follow the other approaches discussed above in such cases.

The KRACK attack can be malicious if ignored, but protecting yourself using the strategies above will ensure you and your information remain safe.

Recommended VPNs to use against the KRACK attack


About the Author

Harsh Maurya is a technology enthusiast who has contributed numerous open source and free tools to the public. In his spare time, he also likes to spread awareness about network security and is the author of the book How Not To Get Hacked.
