What is a KRACK attack?
KRACK is a flaw in the multi-step handshake that Wi-Fi devices perform when they connect to each other. A hacker could exploit the vulnerability to eavesdrop on your Wi-Fi traffic.
What could a hacker snoop on?
A hacker using a KRACK attack would be able to see almost anything you shared over your affected Wi-Fi network. This includes stuff like chat/email histories, credit card numbers, passwords, photos, and more.
How does it work?
During the multi-step handshake exchange between your machine and your wireless router, the devices confirm with one another that you’ve got the correct password and encryption keys.
The encryption keys are supposed to change frequently during your interaction with the wireless router, but KRACK allows the same keys to be re-used again and again, which makes your connection easier to crack.
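
The key-reuse problem described above, as an added example that is not part of the original page: a simplified Python model in which each packet is encrypted with a keystream derived from the session key and a packet counter, and reinstalling the key resets that counter. The toy SHA-256 keystream, the function names and the sample messages are constructed for illustration and stand in for the real Wi-Fi cipher.

```python
import hashlib
from collections import defaultdict

KEY = b"constructed-session-key"  # constructed sample key
MESSAGES = [b"GET /inbox HTTP/1.1", b"user=alice&pin=0000", b"POST /pay HTTP/1.1 "]  # constructed

def keystream(key: bytes, counter: int, length: int) -> bytes:
    """Toy per-packet keystream; a stand-in for the real Wi-Fi cipher (assumption)."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def capture(reinstall_after=None):
    """Encrypt MESSAGES in order; optionally model a key reinstall before packet n."""
    frames, counter = [], 0
    for n, msg in enumerate(MESSAGES):
        if reinstall_after is not None and n == reinstall_after:
            counter = 0  # key reinstalled: the packet counter starts over
        counter += 1
        frames.append((counter, xor(msg, keystream(KEY, counter, len(msg)))))
    return frames

def find_counter_reuse(frames):
    """Return {counter: [frame indexes]} for counters seen more than once under one key."""
    seen = defaultdict(list)
    for index, (counter, _ciphertext) in enumerate(frames):
        seen[counter].append(index)
    return {c: idx for c, idx in seen.items() if len(idx) > 1}

def leaked_xor(frames, i, j):
    """XOR of two ciphertexts; equals the XOR of the plaintexts if the keystream repeated."""
    return xor(frames[i][1], frames[j][1])

if __name__ == "__main__":
    for label, frames in (("healthy", capture()), ("after reinstall", capture(2))):
        reuse = find_counter_reuse(frames)
        print(label, "-> reused counters:", reuse or "none")
        for indexes in reuse.values():
            same = leaked_xor(frames, *indexes[:2]) == xor(MESSAGES[indexes[0]], MESSAGES[indexes[1]])
            print("  encryption cancels out between frames", indexes, ":", same)
```

A repeated counter under the same key is the condition worth alerting on: once it occurs, the encryption cancels out between the two packets and the key itself never has to be recovered.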
What devices are affected?
Almost any device that can connect to a Wi-Fi-enabled network is affected. This includes your wireless routers, your smartphones, your tablets, your computers, etc.
The security researchers who found the vulnerability say that Android and Linux devices are the most susceptible, but macOS, iOS, and Windows devices, among others, are affected as well. Some manufacturers, including Microsoft, have already released updates.
How can I protect myself?
If you are forced to use an impacted machine or device without updates in the meantime, you should make sure you use HTTPS connections with websites whenever possible. HTTP connections (the non-secure variety) are more susceptible to snooping. Most HTTPS connections will keep you relatively safe.
When HTTPS isn’t available, you can opt to use a virtual private network (VPN) to help shield your data. If you need a reputable VPN, look towards your anti-virus provider.
Alternatively, you can use an Ethernet cable to connect your machine to the internet, as wired connections don’t broadcast your internet usage like wireless networks do.
If you’re using a mobile-enabled device, you might consider using mobile data instead of Wi-Fi until your manufacturer posts an update for your software. Mobile connections are not susceptible to the KRACK exploit.