News

WPA 2 Krack or Key Reinstallation Attack

Black wifi router in an office background. 3d illustration

By Stacy High-Brinkley

How does the hack happen?

“When a device joins a protected Wi-Fi network, a process known as a four-way handshake takes place. This handshake ensures that the client and access point both have the correct login credentials for the network, and generates a new encryption key for protecting web traffic. That encryption key is installed during step three of the four-way handshake, but the access point will sometimes resend the same key if it believes that message may have been lost or dropped. Vanhoef’s research finds that attackers can essentially force the access point to install the same encryption key, which the intruder can then use to attack the encryption protocol and decrypt data.” – Time.com

Now what? We all use Wifi at home and business in some form or fashion. These are the steps you
need to take and be ready to take when the patches are released.

Update all devices especially Android and Linux devices, this includes any smart devices including TVs. The only way a hacker can hack your wifi router is if they have access to it, for instance my router is in the middle of house and a little harder to get to than if it was near a front window. Call your provider to see if they have a firmware update for your router. Take any devices off of your wireless network that host critical data until all systems are patched.

Avoid public Wi-Fi at all costs, including Google's protected Wi-Fi hotspots until Google says otherwise. Only connect to secured services, this means web pages that use HTTPS in the URL. You should contact any company whose services you use and ask if the connection is secured using TLS 1.2, and if so your connection with that service is safe for now.

If you have a paid VPN service that you trust you should enable the connection full-time until further notice. Resist the temptation to rush and sign-up for any free VPN service until you can find out if they have been vetted and will keep your data secure. Most don’t.

Use a wired network if your router and computer both have a spot to plug in an Ethernet cable. This exploit only affects 802.11 traffic between a Wi-Fi router and a connected device.

Remember that we live in a connected world, we need to stay vigilant at all times. Once all of the
patches are released for your all of your devices in your home and or business take a day off and start patching!