Wi-Fi KRACK, How to Protect Yourself

Written by: Martin Jones @ LAN3 | October 16, 2017

It was revealed this morning that every Wi-Fi network is potentially at risk as a result of a vulnerability called 'Wi-Fi KRACK'.

It allows 'snoopers' to eavesdrop on traffic between network devices (i.e. computers, laptops and tablets) and a wireless access point.

The exploit takes advantage of vulnerabilities in the WPA2 security and authentication protocol.

Given WPA2's ubiquity across all wireless vendors, any Wi-Fi network you access, of any description, is likely to be affected.

As we currently understand the situation, both the wireless vendors and the manufacturers of devices that connect to the network (laptops, tablets and smart phones) will need to issue a patch to correct this security vulnerability.

While the industry looks for a more permanent solution and a patch, here are five tips LAN3 recommends to reduce the risk to you and your network:-

1. Don't Use Public Wi-Fi Hotspots

If you're reading this on a device connected to a coffee shop wireless network, for example, consider stopping immediately!

In theory, the 'Wi-Fi KRACK' exploit allows an attacker within range of a Wi-Fi network to read communications such as passwords, credit card numbers and photos sent over the internet, if no other form of encryption is in place.

2. Run a VPN

If you have a VPN technology on your laptop, and you absolutely must connect to a Wi-Fi hotspot, turn it on.

The reason you can usually access Wi-Fi hotspots securely is that the data between your laptop and the access point is encrypted. You can no longer take this as given: the WPA2 authentication protocol that provides this encryption is what has been hacked.

A VPN will encrypt all information running from your device to its destination.

3. Think About the Apps You're Using

Until the exploit has been patched, think very carefully about the apps you're using and the websites you're visiting.

In particular, you might want to stop using banking apps that require you to input a password until both the wireless vendors and the device manufacturers have issued their respective patches.

4. HTTP vs HTTPS

The extra 'S' at the end of HTTPS stands for 'secure'. Websites whose address begins with HTTPS offer additional security, ensuring all communication between your browser and the website is encrypted.

Conversely, consider not using websites that only offer unsecured 'HTTP' access. It's probably not worth the risk until security patches have been issued and installed.

5. Password-less File Sharing

Put simply, don't do it.

Most file sharing solutions - such as WeTransfer - don't offer password-protected file sharing without a premium account.

Either search for an alternative that does offer password protection, or delay transferring files until the WPA2 exploitation has been patched and resolved.

If you do set up a file transfer service where a password is required, only do so securely via a VPN. Without taking this step, you may expose your newly minted credentials to a 'snooper'.

UPDATE 17/10/2017

Wi-Fi KRACK appears to be mostly a 'client side' problem. Your priority should be to ensure all devices are patched.

Here are our key points on the latest client side patches:-

1) Microsoft released a patch for Windows 10 on 10th Oct. Ensure patch number KB4041676 is installed.

2) Ensure Apple devices are up to date with at least iOS 11.

3) Ensure Apple Computers are running macOS 'High Sierra'.

4) We understand an Android update is due 6th Nov.
