There’s a new KRACK hack that puts pretty much every WiFi network at risk … but the media isn’t making much of a fuss!
Due to new vulnerabilities discoveredy in WPA2, the most widely used Wi-Fi security protocol, virtually all devices are now vulnerable to attack.
To ease your mind – a hacker would have to go to some lengths to exploit this hack – so your home network is probably not much of a target … but institutional networks (i.e. Universities) & Public Networks that require a password are legitimate targets.
To explain in simple terms KRACK allows a hacker to interfere with a process called a four-way handshake that goes something like:
“Hi I want to connect”
“What’s the password?”
“OK you’re in – here’s an encrypted connection”
Because the hacker interferes with the initial handshake they may be able to decrypt the traffic you exchange over WiFi. This means they’re able to do many, many bad things without even being on the network. Bad things? Like being able to intercept, modify & forge fake data & theoretically be able to inject ransomware or other malware into otherwise safe websites.
If you have a USB drive or are attached to a NAS (Network-attached storage) then it’s a data free-for-all.
It’s worth keeping in mind that in order to pull off such an attack, a KRACK hacker would need to be in your device’s Wi-Fi range and impersonate a network that your device already trusts and would attempt to connect to.