A recently discovered security flaw called Krack Attack could make your home Wi-Fi network vulnerable and allow hackers to gain access to your passwords, credit numbers and other sensitive information.
Mathy Vanhoef, a wireless security expert at KU Leuven in Belgium, discovered the issue with the Wi-Fi Protected Access (WPA2) security protocol and posted information about int on Monday. If you’re not familiar with the WPA2 setting, you may have seen it as an option to select when setting up your Wi-Fi network at home. It’s used to protect your network from hackers.
The Key Reinstallation Attack (KRACK) works against the four-way handshake that takes place when you’re joining a wireless local area network. The four-way handshake generally provides a secure authentication strategy to make it harder for systems to be hacked, but this new security attack is executed when you’re joining a wireless network. All modern protected Wi-Fi networks use the four-way handshake system, making this new security flaw dangerous to just about anyone who uses Wi-Fi.
According to Vanhoef, the Krack Attack works against all modern protected Wi-Fi networks and depending on how your network is configured, hackers could manipulate data on your device and inject malware into websites you visit.
Researchers were able to replicate the Krack Attack process on an Android smartphone to show how hackers can decrypt encrypted data. According to their research, Linux and Android devices are more likely to get hacked because of the ways their encryption keys are configured.
Krack Attack demonstration on Android device
How to prevent a Krack Attack
At this point it’s probably best to continue to use WPA2 security on your devices, however, it is recommended to make sure all your apps, browsers and other software are updated to the latest versions whenever they become available.
If there are any security updates available for your router, now would be the best time to update your device.
As for browsing the web, if you’re accessing sites that require you to submit personal information, make sure the site uses HTTPS encryption.
You can learn more about this new security flaw and find out about information on how it is being handled at krackattacks.com. Don’t, worry the site is encrypted and safe.