The Fear that KRACK Built…and How You Can Protect Your WiFi Security

You may have heard of KRACK. Not crack. KRACK.

Last year, Belgian security researcher Mathy Vanhoef published a paper that ignited fear in WiFi users relying on WPA2 security (WiFi Protected Access 2) — the industry standard for most WiFi networks.

While the WPA2 encryption protocol was previously thought to be untouchable by hackers, Key Reinstallation Attacks (KRACKs) exploit a vulnerability in the 4-way handshake — the process used to authenticate the client and encrypt sensitive data like your password and credit card numbers.

How Do KRACKs Affect WiFi Security?

In a nutshell, KRACKs covertly intercept the third message of the handshake with the wireless access point (WAP), decrypt the victim’s data, and steal personal information ranging from private media to bank details. They can even insert malware or ransomware.

Sounds like a “handshake handoff” gone bad, right?

What Happens During a KRACK Attack?

  • A hacker finds your vulnerable WPA2 network.
  • The hacker clones your WiFi Signal with an Evil Twin Access Point.
  • The Evil Twin acts as a man-in-the-middle (MITM).
  • Your hacked device is tricked into reinstalling its encryption key (nonce), which allows the hacker to discover your key.
  • If you are using an Android or Linux network, a KRACK will replace your nonce with a fake all-zero encryption key to decrypt your data.

Video: How the KRACK Hack Breaks WiFi Security

How Can You Protect Yourself from KRACK Attacks?

The KRACK attack destroys nearly all WiFi security, and Vanhoef has returned with a refined version of the vulnerability, but you don’t have to be another victim of KRACK. You can protect your privacy. Here’s how:

1. Use Networks and Devices That Have Been Patched

Now that Vanhoef’s paper has attracted the attention of the tech and cybersecurity industries, many Internet Service Providers (ISPs) and makers of popular WiFi devices have provided security patches to prevent the vulnerability from being exploited in the wild.

These include: Apple, Cisco, Google, Intel, Microsoft, Netgear, and WiFi Alliance, among some of the bigger names.

If you’re not sure if your router or device has been patched, it might be time for an update.

2. Update Your Devices

You can stop ignoring those software update requests. They aren’t there to annoy you — though I admit they are annoying. Updating your software can prevent possible attacks by providing backwards-compatible patches, according to Vanhoef.

That means, even if your device was previously vulnerable, you could fix the problem by downloading a patched KRACK update.
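The key reinstallation from the attack steps above, and the effect of the backwards-compatible patch, as a simplified model (an added example, not code from the original article or from Vanhoef's paper). The SHA-256 keystream is a stand-in for WPA2's AES-CCMP, `Client`, `run_session` and `nonce_reused` are hypothetical names, and the sample frames are constructed.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); a stand-in for AES-CCMP."""
    out, block = b"", 0
    while len(out) < n:
        seed = key + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Models only how a client reacts to handshake message 3 (assumption)."""
    def __init__(self, patched: bool):
        self.patched, self.key, self.nonce = patched, None, 0

    def on_message3(self, key: bytes) -> None:
        if self.patched and key == self.key:
            return                      # patched: key already installed, keep counter
        self.key, self.nonce = key, 0   # unpatched: reinstall key, nonce resets

    def send(self, plaintext: bytes):
        self.nonce += 1                 # per-frame packet number used as nonce
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def run_session(patched: bool):
    """One frame, then a retransmitted message 3, then a second frame."""
    key = hashlib.sha256(b"constructed session key").digest()
    client = Client(patched)
    client.on_message3(key)
    frame1 = client.send(b"GET /login HTTP/1.1")   # constructed sample frame
    client.on_message3(key)                        # message 3 arrives again
    frame2 = client.send(b"password=hunter2!!!")   # constructed sample frame
    return frame1, frame2

def nonce_reused(frames) -> bool:
    """Defender's check: a nonce seen twice under one key means keystream reuse."""
    nonces = [n for n, _ in frames]
    return len(nonces) != len(set(nonces))

if __name__ == "__main__":
    for patched in (False, True):
        (n1, c1), (n2, c2) = run_session(patched)
        leak = xor(c1, c2) == xor(b"GET /login HTTP/1.1", b"password=hunter2!!!")
        print(f"patched={patched} nonces={n1},{n2} plaintext_xor_leaks={leak}")
```

On the unpatched client both frames use nonce 1, so the XOR of the two ciphertexts equals the XOR of the two plaintexts and the encryption no longer hides their content; the patched client keeps counting and nothing lines up.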

3. Connect to WiFi Using the Cellular Data on Your Phone

If your heart is racing at the thought of some cybercriminal finding that private folder (you know which one) and now you don’t trust WiFi of any kind — don’t use it.

That doesn’t mean you need to go back to the digital dark age. Simply disable your WiFi and use your cellular data instead.

4. Check Sites’ HTTPS Connection Security

Think you see a black hat lurking around? Protect yourself from WiFi hijacking by visiting safe sites only.

You can check a site’s security status by quickly glancing at your browser. If the connection to the site is encrypted with Secure Sockets Layer (SSL), you’ll see a padlock icon, a “secure” message, and an HTTPS web address.

The “S” stands for “secure” — but you can think of it as “sensitive”. Share sensitive information only when you see the “S”.

You could also install the Electronic Frontier Foundation’s HTTPS Everywhere extension if you are using Google Chrome, Firefox, or Opera (sorry, this extension is not yet available for Safari).

This open-source extension automatically chooses the HTTPS version of a site when the website offers both an HTTP and an HTTPS version. If a website hasn’t been secured, you will be better off with a VPN.

5. Use a VPN with an Automatic WiFi Security Feature

A virtual private network (VPN) isn’t just for fooling the man controlling your online media. The digital nomad trend has made VPNs indispensable for public browsing and productivity.

You wouldn’t shout your bank account number in a crowded place, so why would you share your data on an open network? Even if you aren’t the target of a KRACK thief, your private property could be unwittingly shared with anyone using the same network. A VPN allows you to change networks, while at the same time encrypting your sensitive data.

When choosing a VPN, you should look for a provider with an automatic WiFi security feature. This offers instant protection against cybercriminals who can steal your information during the moments between connecting to public WiFi and connecting your VPN.

Protect Your Internet Security and Privacy

Now that you’re sufficiently scared of KRACK, you can rest assured that the flaw was discovered by a white hat hacker, not a criminal. That being said, news of the bug is out there — and new techniques can bypass the WPA2 flaw mitigations. Hackers can take advantage of this information — but they must be close — very close — as in a surveillance van outside your home, or at the next cafe table. Thus, it’s unlikely you will be hacked in this way. But why take the risk? Please follow my WiFi safety tips — and I can’t stress enough — always use a VPN.