You are Probably under KRACK!
Updated on July 13, 2021: From now on, traffic filtering, malware protection, and suspicious DNS activity blocking are available as a part of the separate DNS Firewall app.
In the latest article, we’ve described the perils of wireless networks. The next thing you know, a new online threat is making waves around the world. Coincidence? Judge for yourself.
Key Reinstallation Attack (aka KRACK) is a network vulnerability that has recently been discovered by Mathy Vanhoef of the imec-DistriNet research group. What’s the big deal about this one? Well, it turns out to threaten EVERY modern protected WiFi network and ALL devices connected to one. Yes, the situation is exactly as scary as it sounds. No, we are not exaggerating. Read on to learn more about this threat and the ways to fend it off.
KRACK abuses a massive weakness in WPA2, a protocol used to protect all modern secured WiFi networks. Which means it’s not about individual implementations or products – if you are using a protected WiFi network, you can be affected. Using the KRACK technique, an attacker can intercept, read, and in some cases manipulate the data transferred via the network. This includes sensitive information such as CC numbers and passwords, emails, chat messages, photos – basically anything!
The discovered vulnerability stems from a 4-way handshake confirmation process of the WPA2, executed when you try to join a WiFi network. During this process, parties check if the entered password is correct, and exchange encryption keys. The latter will then be used to encrypt the traffic between a device and a wireless network.
The operating principle of Key Reinstallation Attacks is as follows. The third handshake normally transfers the encryption key and confirms its receipt. If the reception is not acknowledged, the internet access point will resend the key. Malefactors can intercept these messages and transform them, resulting in your protected WiFi connection using a compromised key.
It is obvious from the description of this attack that any device connected to a WPA2 secured network is in peril. However, due to certain specifics of Linux and Android WiFi clients, they are especially prone to KRACK. According to Mr. Vanhoef, “currently 41% of Android devices are vulnerable to this exceptionally devastating variant of our attack.”
Warding off KRACK dealers
Despite the seriousness of this new hazard, there are ways to protect yourself. First and foremost, this is a patchable problem, so make sure that your software is fully updated. The research shows that “a patched client can still communicate with an unpatched access point, and vice versa”. This way, you will secure your device, even if connected to a compromised network.
The only con to this solution is the fact that releasing updates takes time, depends on your service provider, and there is no way to know how long you will have to wait for the patch. Staying unprotected is especially dangerous now, when the weakness became known to public. So we recommend adding another level of security for your private data, namely – additional encryption.
You see, the KRACK vulnerability only affects WPA2 encryption protocols, which turned out to be sloppy at best. Mathy Vanhoef mentioned in his research that, for example, using websites with HTTPS may provide an additional layer of protection against such attacks. However, in our opinion, this is a band-aid. If anything, not all of the websites you browse utilize HTTPS, and tracking the type of connection will soon become quite a hassle.
The solution that we suggest is turning to VPN services. One of the features of a proper VPN is data encryption, which means that even if a hacker KRACKs your network and lays hands on your traffic, he won’t be able to decipher and read it. For example, VPN Unlimited utilizes the military-grade AES-256 encryption algorithm, which is famous worldwide for its reliability. With such a service, you will always have all of your device’s traffic secured, no matter the networks you connect to or the websites you visit.
So what are you waiting for? A malefactor may be hacking your network at the very moment while you are reading this piece. Don’t risk your own safety – download VPN Unlimited now to get a free 7-day trial and repel KRACK!