NBN & IT Consulting | Website Optimisation | StickyWeb - Ballarat

There’s a new KRACK in town …

Posted by Stickyweb in Consulting, Rants

There’s a new KRACK (Key Reinstallation Attack) hack that puts pretty much every WiFi network at risk … but the media isn’t making much of a fuss!
Due to new vulnerabilities discovered in WPA2, the most widely used Wi-Fi security protocol, virtually all devices are now vulnerable to attack.

To ease your mind – a hacker would have to go to some lengths to exploit this hack – so your home network is probably not much of a target … but institutional networks (e.g. universities) & public networks that require a password are legitimate targets.

To explain in simple terms, KRACK allows a hacker to interfere with a process called a four-way handshake that goes something like:
“Hi I want to connect”
“What’s the password?”
“Clever Pa5sw0Rd”
“OK you’re in – here’s an encrypted connection”

Because the hacker interferes with the initial handshake they may be able to decrypt the traffic you exchange over WiFi. This means they’re able to do many, many bad things without even being on the network. Bad things? Like being able to intercept, modify & forge fake data & theoretically be able to inject ransomware or other malware into otherwise safe websites.
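Why does interfering with the handshake expose traffic? A replayed handshake message makes an unpatched device install a key it is already using, which resets its packet counter, so two packets end up encrypted with the same keystream. The Python sketch below is an added illustration, not part of the original post; the `Client` class, the SHA-256 toy keystream (a stand-in for WPA2's real cipher) and all sample values are constructed for the example.

```python
import hashlib

def keystream(key, nonce, length):
    # Toy keystream (assumption): SHA-256 over key, nonce and a block counter.
    # It stands in for WPA2's real cipher, which is not reproduced here.
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    def __init__(self, key, patched):
        self.patched = patched
        self.key = None
        self.install_key(key)

    def install_key(self, key):
        # Patched behaviour: a key already in use is not installed a second time.
        if self.patched and key == self.key:
            return
        self.key = key
        self.nonce = 0  # installing a key resets the packet counter

    def send(self, plaintext):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def traffic_recoverable(patched):
    key = b"constructed-session-key"   # constructed sample value
    known = b"known packet: hello "    # constructed, guessable content
    secret = b"secret packet: 12345"   # constructed, private content
    client = Client(key, patched)
    n1, ct1 = client.send(known)
    client.install_key(key)            # replayed handshake message offers the same key
    n2, ct2 = client.send(secret)
    # With a repeated nonce the keystream cancels: ct1 XOR ct2 == known XOR secret.
    recovered = xor(xor(ct1, ct2), known)
    return n1 == n2 and recovered == secret

if __name__ == "__main__":
    print("unpatched:", traffic_recoverable(False))
    print("patched:  ", traffic_recoverable(True))
```

The patched client refuses to reinstall the key, so its packet counter keeps climbing and no keystream is ever used twice.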

If you have a USB drive or are attached to a NAS (Network-attached storage) then it’s a data free-for-all.

It’s worth keeping in mind that in order to pull off such an attack, a KRACK hacker would need to be in your device’s Wi-Fi range and impersonate a network that your device already trusts and would attempt to connect to. 

What makes KRACK scary isn’t that it’s going to cause mass destruction – but that it exploits a protocol that is used pretty much everywhere.

The GOOD news is the vulnerability is easily patched, so most software & hardware vendors have fixed the issue or will do so in the near future.
Your job is to make sure that ALL of your devices are patched as soon as a patch is available.

There are lists published already – such as Owen Williams’ Charged blog – that list the companies that have already fixed it & link to the patches.

So DON’T PANIC … Keep an eye out for patches, apply as soon as possible, and keep in mind that the issue is fixable.