How to Stay Protected Against KRACK
In wake of the recent breach of the Wi-Fi protocol, you might hear the term KRACK attack often. While many are voicing the severity of the situation, if you understand what the breach is and how to deal with it, there is no need to worry. We tell you everything you need to know about KRACK. Share
What is KRACK?
KRACK is an acronym for Key Reinstallation Attack. The breach was discovered by Mathy Vanhoef, a postdoctoral researcher at the Catholic University of Leuven in Belgium. It is a very clever attack targeting the WPA2 protocol, which is the latest standard, and is considered to be very secure.
KRACK targets a vulnerability in the protocol specification, so almost all Wi-Fi routers used in homes, corporations, government organizations, etc. are vulnerable.
How does the attack work?
KRACK attack targets the 3rd stage of the four-way handshake in the WPA2 protocol. This four-way handshake is how the router connects to the internet.
When the client and router communicate, they use a unique cryptographic key that changes with every connection and every device. This is so other devices cannot hop on the same connection, even if it’s on the same network.
However, in order to optimize the communication and minimize connection problems, the protocol allows and recommends the re-use of a cryptographic key numerous times if the router doesn’t receive an acknowledgment from the client. KRACK attack takes advantage of this and captures the one-time cryptographic key. It then retransmits the key over and over again which forces the client to reset the packet counter.
By comparing the encrypted text before and after sending the key, the attacker can figure out the overall session key. From there, attackers can do many things like sniff the traffic (similar to a man in the middle attack), install any malware (like ransomware or Trojan), and trick the user into connecting to a secured website without HTTPS (although properly configured websites are not affected by this).
The good news is that the attacker needs to be in the physical vicinity of your router in order to perform this stunt, so there’s less of a chance of it happening to your private home. This, however, should not undermine how important it is to take precautions.
What devices are affected?
Any device which uses Wi-Fi with the commonly configured WPA2 protocol is at risk. However, some operational systems are more prone to the attack than others.
Android and Linux systems are extremely vulnerable to KRACK attack because of the implementation. In those scenarios, the attacker can force the communication to use an all-zero encryption key rendering the security useless. Windows OS is comparatively immune to this attack, and Apple has already started rolling out patches for this.
How can I stay protected against the attack?
Many think that changing your Wi-Fi password can prevent this vulnerability, but it actually does not make a difference. Here are a few ways that you can stay protected from the risk of being attacked by someone:
- Stop using Wi-Fi: Although this may sound too dramatic, this one of the best possible solutions until an update is implemented. In general, use cellular data on your smartphone rather than Wi-Fi, especially on Android devices, and avoid using Wi-Fi in public places such as coffee shops, airports, etc.
- Stick to HTTPS: The data transmitted via HTTP can be very easily sniffed and read in plaintext. You should stick to HTTPS websites, especially if you’re revealing sensitive information or doing online transactions. Note that the attacker can trick you into using HTTP even for a secured website, so you have to manually confirm it by checking the green HTTPS label in the URL bar.
- Use a VPN: Using a VPN will definitely provide a more reliable way of countering the attack as it provides a straight point to point secured communication channel between the client and server. Using a VPN protects you from other threats too, so it’s highly recommended.
Keep in mind that that DNS requests can still go outside the VPN network. To prevent this, you must select a VPN provider which also gives you an inbuilt DNS server. Not to mention that the VPN provider you choose must be trustworthy and reliable as it has the capability to monitor your complete traffic. If possible, use a paid VPN service rather than the free providers as there are known instances of them selling the client data. (Below are the best and most recommended VPNs to use against the KRACK attack.)
- Update your devices: This is the most important and reliable solution. Your device manufacturer will, eventually, roll out the fix to this vulnerability, and you should update the device as soon as you get one. This will fix the problem from the root. So keep an eye on the updates and read those release notes this time. However, not all the manufacturers are that fast and chances are that many devices won’t ever see the light of the updates. You need to follow the other approaches discussed above in such cases.
The KRACK attack can be malicious if ignored, but protecting yourself using the strategies above will ensure you and your information remain safe.