Avoiding KRACK on Wi-Fi Networks

We’ve known public Wi-Fi networks are vulnerable to hacking for a long time. But according to experts, the situation is a whole lot worse than anyone imagined.

It’s now believed that every Wi-Fi network in the world is vulnerable — or at least, every Wi-Fi network that uses either WPA or WPA-2 encryption, which is virtually all of them.

The cause? An exploit called “KRACK,” which is short for Key Reinstallation Attacks.

But what exactly is a KRACK attack? How does it work? Can it be fixed? And what can you do about it in the short-term? Let’s take a closer look.

Why Are We Only Hearing About KRACK Attacks Now?

An excellent question.

Consider this: WPA and WPA-2 encryptions have been standard features of Wi-Fi networks since 2003. Until the KRACK revelations, nobody had cracked the encryption techniques.

The encryption plays a vital role in networking. It secures the traffic between your router and your wireless device, thus ensuring nobody can spy on your actions or inject malicious code into the transfer.

Now its perfect record lies in ruins. And so too does the security of billions of Wi-Fi networks around the world.

How Does a KRACK Attack Work?

Perhaps the most worrying aspect of KRACK is that it’s not focused on a particular range of devices or a specific type of security implementation. The issue affects the Wi-Fi protocol itself, and thus affects every internet-connected device you own.

WPA-2 encryption uses a “four-way handshake” to establish a device’s connection to the network. It’s this “handshake” that the KRACK attack targets.

The first two parts of the four-part process ensure the password on a device matches the Wi-Fi’s security key. The device and router communicate with each other, and if the credentials agree, the third part of the handshake initializes.

At this point, a new encryption key is generated. Theoretically, it’s designed to protect a user’s session by encrypting data frames. This is where the KRACK attack kicks into action. Vanhoef’s research shows a hacker can intercept and manipulate the new key.

The hack works because a router (or other access point) will try to retransmit the third part of the handshake several times if it does not receive a response from the device. Each time the device accepts a retransmission, it reinstalls the same encryption key, which resets the transmit packet number and receive replay counter.

An attacker can collect the messages and force the counters to reset. In turn, this allows the person to replay, decrypt, or forge packets.

TL;DR: KRACK allows an attacker to steal and use one of the encryption keys that Wi-Fi network security relies on.
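The counter reset described above can be modelled in a few lines. This is an added example, not code from the original article or from any vendor's patch: the Client class, the toy HMAC-based keystream (a stand-in for the real WPA-2 cipher) and the sample frames are all constructed for illustration. It compares a client that reinstalls the key on a retransmitted handshake message with one that refuses to.

```python
import hashlib
import hmac

def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Toy keystream from (key, packet number); a stand-in for CCMP."""
    block = hmac.new(key, pn.to_bytes(6, "big"), hashlib.sha256).digest()
    return block[:length]  # enough for the short constructed frames below

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical model of a Wi-Fi client's key installation logic."""
    def __init__(self, patched: bool):
        self.patched, self.key, self.tx_pn = patched, None, 0

    def on_message3(self, key: bytes) -> None:
        # Patched behaviour: ignore reinstallation of the key already in use,
        # so a retransmitted message 3 cannot reset the packet number.
        if self.patched and key == self.key:
            return
        self.key, self.tx_pn = key, 0

    def send(self, plaintext: bytes):
        self.tx_pn += 1
        stream = keystream(self.key, self.tx_pn, len(plaintext))
        return self.tx_pn, xor(plaintext, stream)

# Constructed sample data, equal length for a clean comparison.
KEY = b"constructed-session-key"
PT1 = b"GET /account HTTP/1.1"
PT2 = b"password=hunter2-demo"

def run(patched: bool):
    """Send one frame, receive a retransmitted message 3, send another."""
    c = Client(patched)
    c.on_message3(KEY)
    first = c.send(PT1)
    c.on_message3(KEY)  # retransmission of message 3
    return first, c.send(PT2)

def nonce_reused(frames) -> bool:
    """Defender's check: a packet number repeated under one session key."""
    pns = [pn for pn, _ in frames]
    return len(pns) != len(set(pns))

def keystream_cancels(frames) -> bool:
    """True when XOR of ciphertexts equals XOR of plaintexts (reuse)."""
    return xor(frames[0][1], frames[1][1]) == xor(PT1, PT2)
```

With run(False) both frames carry packet number 1 and the keystream cancels out between them; with run(True) the packet numbers are 1 and 2 and it does not, which is the property the patches restore.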

What Can Hackers Do With KRACK?

Let’s start with the good news. KRACK attacks are difficult for hackers to deploy for one simple reason: they need to be within range of a Wi-Fi network to make it work. Unlike some other worldwide security flaws, like Heartbleed and Shellshock, the hacker cannot deploy a KRACK attack remotely.

Secondly, a hacker can only attack one network at a time. Let’s assume the would-be criminal sets themselves up in a Starbucks in downtown New York. They probably have hundreds of networks within range, but there’s no way to attack them all at once — at least, not without a van full of equipment.

As such, if cyber-criminals are thinking of launching a KRACK attack, the most likely targets are large hotels, airports, train stations, and other vast public networks with thousands of people logging on and off every day. Your home network is almost certainly safe.

The bad news? A KRACK attack has the potential to be devastating for the victim.

A successful KRACK attack will steal credit card numbers, passwords, chat messages, emails, photos and more. This leaves you vulnerable to monetary loss and identity theft. Some network configurations will even allow hackers to inject malware, ransomware, and spyware into websites you’re visiting and, by extension, your computer.

Can KRACK Be Fixed?

Yes, hardware manufacturers and software developers can patch and fix devices that are vulnerable to KRACK attacks. Microsoft and Apple were particularly quick off the mark — the Silicon Valley giants released beta patches on the same day the flaw was publicly announced. Google has said an Android patch will be forthcoming in the next few weeks.

However, these days we connect a lot more to our Wi-Fi than just laptops and phones. Sure, they might be the primary attack vectors, but you need to update everything from your router to your smart fridge. That takes a lot of time, and many of the companies behind the devices won’t be as responsive as Microsoft and Apple.

Your router is arguably the most critical device to update. If you’ve got an ISP-issued model, you need to start pestering the company for a patch as soon as possible.

For more information about whether your device already has a fix, check this list.

Short-Term Solutions

It seems like we might be waiting for a long time before we can definitively claim all our devices are secure. Here are some steps you can take in the meantime:

  • Use Ethernet: Remember, KRACK doesn’t affect the web at large, it just targets Wi-Fi connections. If you have the option to connect to a network using an ethernet cable, your device will be safe.
  • Use cellular data on your phone: Similarly, when on mobile, just use your data plan rather than connecting to public Wi-Fi.
  • Tether your phone: If you’re in public, it might be safe to use your phone’s tethering option rather than connect your laptop to a Wi-Fi network.
  • Disable vulnerable Internet of Things (IoT) devices: Sure, you might not worry about a hacker getting access to your fridge’s data, but your smart security system is another story. Temporarily disable any highly sensitive IoT devices until a patch is available.
  • Use a VPN: A VPN encrypts all your traffic, so although a hacker deploying a KRACK attack will be able to see it, they won’t be able to decode it.
Are You Worried About KRACK Attacks?

KRACK attacks are yet another reminder that we’re not as immune as we might like to think we are.

We can all make strong passwords, use services like LastPass, keep our firmware updated, and take other security precautions, but we’re ultimately at the mercy of the technology we use. If there’s a flaw in the technology, it doesn’t matter how security conscious we are, we will be at risk.

Comcast’s Public HotSpot Plan

Comcast has started rolling out something that would be inconceivable if it was any other company that attempted it. Even if there is potential goodness here, do you really trust Comcast with what I am about to explain?

Recently Comcast turned 50,000 residential Xfinity modems into public WiFi hotspots. There are 50,000 paying Xfinity customers in Houston, Texas who are now broadcasting free WiFi that anyone can use. As far as Comcast is concerned, of course, this is a “genius move” to blanket the country in high-speed WiFi for Comcast’s customers. First, I believe there are going to be major legal issues brought up as a result of this, and second, Comcast’s plans to continue rolling this “genius” plan out could potentially have a negative impact on your broadband performance.

Over the last couple of years, Comcast has been distributing the Arris Touchstone Telephony Wireless Gateway Modem to new customers. Here is where it gets scary. Comcast remotely programmed these modems to broadcast a new wireless network SSID — “xfinitywifi” — that gives about 10 minutes of free access to anyone, or unlimited access to other Comcast customers. Comcast says the new wireless network is completely separate from your existing home network, and that public WiFi users don’t have access to any shared files or resources. Comcast’s suggestion that this move to use residential routers as public hotspots in “no way” jeopardizes our personal information or internet performance is not going to be accepted by the majority.

To make this even worse, Comcast has released an Xfinity WiFi app for finding nearby hotspots — and yes, if your residential modem has been co-opted by Comcast, it will show on the map. I can just see it now: a vehicle finds your house on the “Xfinity WiFi app” and cars park in front of your house while the driver gets online.

I mentioned this above as well, but another problem, in addition to the possible risk to personal data, regardless of Comcast’s assurances that this won’t happen, is the possible degradation of your home internet speed.

With 50,000 hotspots already enabled in Houston, 150,000 more planned for the end of the month, and then 8 million more Xfinity hotspots across the US before the end of 2014, one can assume that Comcast has a lot of extra capacity. Either that, or it’s intentionally trying to clog up the network for its paying customers, perhaps so it can levy further charges from related providers like Netflix.

What do you think, do you want Comcast using your connection as a “public hotspot”?
