KRACK: Cyber Vulnerability Puts Wi-Fi Networks at Risk

A security flaw in Wi-Fi Protected Access II (WPA2) — a protocol that secures almost all modern, protected Wi-Fi networks — was discovered recently. Hackers can potentially gain access to encrypted information using a key reinstallation attack (KRACK).

Any organization or individual that uses Wi-Fi is at risk for an attack, and hackers can use the KRACK method to steal sensitive information like credit card numbers, passwords, chat messages, emails, photos, and most data stored or transmitted online.

What’s particularly troubling about this cyber threat is that it’s not tied to a specific machine or software and is more so a flaw in how WPA2 was originally designed.

Essentially, all a hacker needs to do to access your protected information is to be near your Wi-Fi access point and execute a script that tricks a system into bypassing the security.

Not only does this allow cyber criminals to eavesdrop on network traffic, but they can also infect connected machines with malware.

It’s likely that KRACK can be used against a number of devices, including Android, Linux, Windows, and macOS.

Thankfully, KRACK can be controlled with patches, and it’s possible your network may already be fixed.

However, there are still a number of precautions businesses and individuals should take, including the following:

  • Update all laptops, smartphones, smartwatches and other devices that connected to Wi-Fi.
  • Be cautious about using any hardware that has not yet been patched, as any information stored or transmitted on that device could be compromised.
  • Contact your internet service provider to determine if you need to update your network.

To read the original findings on KRACK, visit scrivens.ca/krack. Scrivens will continue to provide updates on this story as necessary.