What you need to know about the KRACK Wi-Fi hack

Posted: Updated:
(Source: KRACKattacks.com) (Source: KRACKattacks.com)
(DATA DOCTORS) -

Q: What should I be doing to protect myself from the new Wi-Fi hacking problem?

A: Wireless internet access has always been more vulnerable to unauthorized access than a wired connection because it’s a broadcast technology.

It’s essentially broadcasting a signal, which only requires that a person with ill intent be in proximity of your signal.

Security protocols
To combat unauthorized users from accessing our private airwaves, we have had various protection protocols to choose from when we set up our routers: WEP, WPA and WPA2.

WEP or Wired Equivalent Privacy was the first way of encrypting our wireless transmissions but proved to be hackable as security flaws were discovered. Luckily, a more difficult to hack encryption was available (WPA – Wi-Fi Protected Access) when the major WEP security flaws were discovered.

As time went on, security flaws made WPA, but we could turn to WPA2, which is what most of us use today.

The KRACK problem
Although WPA2 wasn’t technically “un-hackable," it would take enough effort and time that it made random acts of hacking undesirable.

A security researcher in Belgium recently discovered was a flaw that allowed this highest level of security to be compromised fairly easily.

Codenamed KRACK (Key Reinstallation Attack), it actually exploits the protocol in a completely different way. It doesn't target the Wi-Fi access point, but the various devices that connect to it instead.

The website that explained this proof-of-concept compromise said that virtually every device that has Wi-Fi capabilities is potentially at risk and could become a victim of everything from stolen usernames and passwords to injecting ransomware into websites.

The good news
As scary as this sounds, there are a few hurdles that will make this exploit more difficult to pull off.

First off, the hacker would need to be near enough to you to access your Wi-Fi signal, so it eliminates the remote hacking options that the skilled underworld prefers.

[RELATED: Your Wi-Fi connection could be vulnerable to hackers]

This exploit primarily takes advantage of interactions with unsecured sites (http://), so whenever you see https:// in the website you’re accessing or you use a secured app on your phone, there is yet another layer of security that a hacker would have to break.

Most of today’s browsers automatically attempt to connect via https:// when it’s available, but if you want to play it safe, you can add a browser plug-in called HTTPS Everywhere.

The security researcher also notified companies ahead of the public announcement, so Microsoft and Apple have already created updates for the exploit.

Update everything!
Until a new security protocol is created, WPA2 is the best we have, so continue to use it but make sure you update every device that you use for sensitive transmissions on Wi-Fi as soon as patches are made available.

A comprehensive list of technology vendors along with any information about known updates is available from CERT Software Engineering Institute at Carnegie Mellon University. This is being updated all the time, so revisit it often. You also can check directly with your device vendor.

[RESOURCE: Router makers that have patched KRACK WPA2 Wi-Fi flaws]

The bad news
Some devices may not ever get a patch, especially older or embedded devices that have no option for updating. With the growing popularity of smart devices in the home, adding new security devices makes sense.

[RELATED: Are smart devices safe to use?]

I’ll explain more about that next week.

[MORE: Data Doctors]


Click/tap here to download the free azfamily mobile app.

Copyright 2017 KPHO/KTVK (KPHO Broadcasting Corporation). All rights reserved.