If you’ve been reading the news this week, then you’ve probably caught wind of the KRACK (Key Reinstallation AttaCK) vulnerability, which implies some serious security concerns for almost anyone utilizing Wi-Fi networks at home or work.

KRACK impacts both the WPA2 and WPA1 Wi-Fi standards. The former is the most popular Wi-Fi standard in use today, and it’s also supposed to be one of the most secure. On that note, this vulnerability can be a bit concerning.

Curious about how it might impact you? You’ve come to the right place. In this piece, we’ll attempt to dispel rumors and help you understand how this vulnerability affects your privacy and security on Wi-Fi networks.

What is a KRACK attack?

KRACK is a flaw in the multi-step handshake system that occurs between devices. With it, a hacker could take advantage of the vulnerability to eavesdrop on your Wi-Fi traffic.

What could a hacker snoop on?

A hacker with access to a KRACK attack would be able to see almost anything you shared over your affected Wi-Fi network. This includes stuff like chat/email histories, credit card numbers, passwords, photos, and more.

How does it work?

During the multi-step handshake exchange between your machine and your wireless router, the devices confirm with one another that you’ve got the correct password and encryption keys.

The encryption keys are supposed to change frequently during your interaction with the wireless router, but KRACK allows the same keys to be re-used again and again, which makes your connection easier to crack.

What devices are affected?

Almost any device that can connect to a Wi-Fi-enabled network is affected. This includes your wireless routers, your smartphones, your tablets, your computers, etc.

The security researchers who found the vulnerability say that Android and Linux devices are the most susceptible, but that doesn’t excuse macOS, iOS, and Windows devices among others. Some manufacturers, including Microsoft, have already released updates.

How do I know if I’m being snooped on?

Unfortunately, there may not be a way to tell if you’ve been (or are being) snooped on.

On the other hand, a hacker needs to be in the range of your Wi-Fi network to attack you. With the broad scope of Wi-Fi connections available to the public, hackers will probably focus on bigger institutional networks moreso than small privately-owned home networks because of the potential gains to be had.

Fortunately, those behind KRACK’s discovery suggest that most hackers probably don’t know how to utilize the attack, so the chances you’ve been exploited are slim.

How can I patch the KRACK vulnerability?

Device manufacturers will follow up with software updates soon that patch the vulnerability on their devices. They will be released at the discretion of the manufacturer so updates may be issued by various companies at different times.

You will need to install these updates on every one of your devices, including your wireless routers, to ensure that you’re protected. Be sure to check for updates frequently throughout the day.

Note that the vulnerability has been patched in Apple’s latest developer and public betas for iOS, watch OS, macOS and tvOS

How do I update my wireless router?

Routers, unlike a computer, don’t have a screen and input devices that you can look at and interact with to install software updates. Instead, you’ll have to log into your wireless router from your computer through your favorite web browser.

Many wireless routers can be logged into by putting “192.168.1.1” in the URL bar of your web browser, but this isn’t the case for all of them. Different routers often have their own instructions for logging in depending on how they’re configured.

You may want to contact your ISP or wireless router manufacturer to learn how to perform updates on it.

What if I have no updates?

It could take some time for device manufacturers to release their updates. Apple has already said that updates for iOS, macOS, etc. will be released “in coming weeks,” and that KRACK is already fixed in the latest betas.

How can I protect myself?

If you are forced to use an impacted machine or device without updates in the meantime, you should make sure you deploy HTTPS connections with websites whenever possible. HTTP connections (the non-secure variety) are more susceptible to snooping. Most HTTPS connections will keep you relatively safe.

When HTTPS isn’t available, you can opt to use a virtual private network (VPN) to help shield your data. If you need a reputable VPN, check out some of the ones we’ve recommended in a previous roundup.

Alternatively, you can use an Ethernet cable to connect your machine to the internet, as wired connections don’t broadcast your internet usage like wireless networks do.

If you’re using a cellular-enabled device, you might consider using cellular data instead of Wi-Fi until your manufacturer posts an update for your software. Cellular connections are not susceptible to the KRACK exploit.

The wrap-up

With all the things humankind does on the internet these days, it’s imperative to make sure your information is as secure as possible. Head the warnings and take the steps necessary to update your devices so that your personal information doesn’t fall victim to unwanted attacks.

If you have any other questions about KRACK, please drop us a comment below so we can try our best to reply and spur up some conversation.

  • […] you should make sure you deploy HTTPS connections with websites whenever possible. HTTP connections (the non-secure variety) are more susceptible to snooping. Most HTTPS connections will keep you relatively safe.

    What’s ironic is that iDownloadBlog is itself using HTTP instead of HTTPS.

    • Mr_Coldharbour

      Exactly. Daring Fireball for instance has been using HTTPS for a while now.

      • Yup! So has 9To5Mac.

      • Mr_Coldharbour

        Yes them too.

    • packerrd

      The guy is just a writer, it is unlikely he has any said in technical aspects of this site.

  • mahe

    Windows is patched since the October updates (before KRACK got public)
    Cisco also already provided patches
    Synology for SRM too

    and there are many more who already provided updates

  • Erik Lindberg

    If you are using open wifi access points, you are no more vulnerable than you were yesterday. HTTPS is not affected and is still useful, so your passwords etc on most web sites are still OK. Also, the vulnerability is not affecting wifi routers unless they are used as “clients”, so updating your router won’t help much unless you update all your devices like PCs, Macs, Android, iOS and iOT devices.

    • Right, which is why we write: “You will need to /install these updates on every one of your devices/, including your wireless routers.”

  • BAiNZy3

    Will there be any way of protecting our jail-broken devices on older firmware?