Welcome to the "Only Wi-Fi" Project!
Copyright © Only WP · All Rights reserved
How to protect your Wi-Fi network against KRACK
You know it was bound to happen someday: the WPA2 encryption protocol was cracked. And since this is the most recent Wi-Fi encryption method we've got at our disposal, every device on the planet is vulnerable. Your credit card data, your emails, your private photos... every one of your digital possessions could fall into other people's hands!
So, let's begin this article by understanding how this Key Reinstallation AttaCK (KRACK) method works. Whenever a new device connects to a Wi-Fi network, a handshake protocol is executed. Basically, the client and the router confirm that they use the same password. During this process, a new encryption key is also generated, and that key is used to encrypt communication between the client and the router from then on.
The attacker starts by cloning the MAC address of an existing network client. Then, he lures a newly connected device onto a fake network that he has created and tricks it into using an already existing encryption key. This way, all the data that is sent and received by the device can be easily decrypted. Android and Linux devices are especially affected, because they can be forced to reinstall and use an all-zero encryption key.
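The effect of a key reinstallation, as an added example that is not part of the original article: a toy client that accepts the same key a second time restarts its packet counter, so two frames end up encrypted with the same keystream, shown next to a patched client that ignores the repeat. The Client class, the SHA-256 keystream (a stand-in for WPA2's real cipher) and the sample frames are assumptions made for illustration.

```python
import hashlib

def keystream(key: bytes, pn: int, n: int) -> bytes:
    """Toy stand-in for the per-frame keystream of WPA2's cipher (assumption)."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + pn.to_bytes(8, "big") + bytes([block])).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical client: every frame is XORed with keystream(key, packet number)."""
    def __init__(self, patched: bool):
        self.patched, self.key, self.pn = patched, None, 0

    def install_key(self, key: bytes) -> None:
        # Patched behaviour: a repeated handshake message carrying the key
        # already in use must not reset the packet number.
        if self.patched and key == self.key:
            return
        self.key, self.pn = key, 0

    def send(self, plaintext: bytes):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

def reinstall_demo(patched: bool):
    """Return (packet number reused?, XOR of ciphertexts equals XOR of plaintexts?)."""
    key = b"constructed-session-key"              # constructed sample value
    p1, p2 = b"constructed frame #1", b"constructed frame #2"
    client = Client(patched)
    client.install_key(key)                       # normal handshake
    pn1, c1 = client.send(p1)
    client.install_key(key)                       # the same key is delivered again
    pn2, c2 = client.send(p2)
    # With a reused keystream the key cancels out: c1 ^ c2 == p1 ^ p2,
    # so knowing one plaintext reveals the other without knowing the key.
    return pn1 == pn2, xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    print("unpatched:", reinstall_demo(False))
    print("patched:  ", reinstall_demo(True))
```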
Okay, so now that we've learned about the problem, what can we do about it? Not too many things, I am afraid. We will have to wait until hardware manufacturers patch their products, be they routers, computers, access points, tablets, smartphones, and so on. Yes, every device in the world is affected!
The (somewhat) good news is that we won't need another version of the WPA2 encryption protocol; it is possible to patch WPA2 as well. So, make a list of all the devices that are connected to your Wi-Fi network, find their manufacturers' tech support URLs, and then visit them regularly, until you are able to download an updated patch for each device.
Microsoft has already patched Windows, for example.
Apple has done the same thing with its iOS. I bet that Google will patch Android quickly, but most of us don't own a Google phone, so we will have to wait until the smartphone manufacturers release their patches.
It is crucial to update your router's firmware as well. Fortunately, there are several third parties who have developed paid router operating systems, and they are usually much quicker to respond when it comes to fixing security flaws in their products.
I know, you may have ancient Wi-Fi clients in your network. If this is the case, your chances of getting firmware updates for them are quite slim. Still, it may be a good idea to contact the manufacturers and ask if they intend to release patches that are able to fix the KRACK vulnerability for your devices.
If the answer is negative, you've got two options at your disposal: throw those old devices away, or don't do anything. Keep in mind that if you go the latter route, your network will be vulnerable. Don't change your Wi-Fi password - it won't fix the problem. Actually, that may help slow down the attackers a bit, but only if you make a habit of changing it every few days or so. It won't stop them in their tracks, but it may limit the damage.
Finally, don't forget that the attacker must be near your Wi-Fi network to attack it. It's a wireless protocol vulnerability, after all, so the hacker must be close to the network. Your neighbors may be nice guys, so they may not attack your network. However, you should keep in mind that people have managed to connect to Wi-Fi networks that were over 5 miles away, using specially crafted, high-gain antennas.
Of course, it is wise to stay away from public Wi-Fi networks for a few months. Any open network is even more dangerous now, at least until it is fully patched. Resist the temptation to check your Facebook feed before you get home. I bet that at least some of your thousands of virtual friends will understand it! And if you really have to see that new baby movie on Facebook, switch off Wi-Fi and use cellular data for your Internet browsing activities. It will cost you some money, but it will give you peace of mind.
People who already use VPN services will benefit from an added layer of security. In fact, it may be wise to subscribe to a virtual private network service for a few months, until the KRACK vulnerability has been patched for good.