What you need to know about KRACK

DON’T PANIC!  It’s going to be all right.

The media is buzzing today regarding the most recent vulnerability, the Key Reinstallation Attack or KRACK, that has been found in the WPA2 protocol.  But don’t worry, it is not that bad.

Let’s break this down.

The Hackers Are Not Coming

The only way to exploit this is for the attacker to be able to “hear” your wireless signal.  That means they need to be very close to your wireless device and WiFi router/AP.  This is not an exploit that someone is going to come over the Internet from a foreign country and compromise your devices.

Someone would have to park themselves outside your house and target you.  This is probably not going to happen.

I Can See Your Data!  Is that a big deal?

This exploit does not allow someone to break into your WiFi network.  This only allows an attacker to view the data that is flying around in the air.  Almost as if it were not encrypted at all.  Which, by the way, is what happens when you connect to your favorite WiFi network when you are out and about (i.e. in a Starbucks).  In many cases your device is already transferring data that is not encrypted (by the wireless network) when you are on those types of public networks.  And the person sitting sipping the latte next to you does not even need to exploit anything to see your traffic.

So is that really a big deal?  I hope not.  Any good Internet application (Banking/DropBox/etc) is encrypting your traffic at the application level.  So any encryption at the WiFi level is just a bonus.  There are a few web sites that can be tricked into reverting back to HTTP (not encrypted vs encrypted) but it will not be your banking website that is vulnerable to that – they spend a lot of time/money making sure that does not happen.

You Might Not Even Be Vulnerable

This vulnerability in how WPA2 handles wireless encryption keys can be fixed on either the client (your device) or on your WiFi router/AP.  Microsoft issues a patch for Windows on October 10th that fixes this issue.  Apple has their fix in beta right now and will be releasing it soon.  If you have auto updates turned on and are regularly updating your devices – chances are you will be patched on the client end before you patch your WiFi router/AP.

Moral Of The Story – Keep Current On Your Updates

Make sure you are applying your OS patches to your devices as soon as they are released.  There used to be a day when folks were afraid device updates would cause issues on their devices.  Yes, that can still happen.  However, this is very rare these days.  Keep automatic updates enabled on all of your devices so that you get these updates as soon as possible.

*** Update your WiFi router/AP as soon as you have a chance to.  Go to your vendor’s (Linksys/Netgear/etc) website as soon as they have an update available and update your device. ***

Once one side or the other, your wireless device or your WiFi router/AP, are updated you will be back to having a WiFi network that is safe from prying eyes.  So updating your WiFi router/AP will fix the issues for all of the devices in your house while they are on that network.  But do not forgot to update your devices as well so that you will be protected when your laptop or phone roams to a WiFi network that has not been updated.

Here is a link to who has updates available:  http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/

Relax, everything is going to be ok.

Welcome!

Network Chatter is preparing to re-launch with new content and a podcast.  Please stay tuned!