Over the weekend, reports revealed that security researchers had found a way to decrypt traffic protected by the WPA2 Wi-Fi security protocol, and on Monday the details behind the KRACK hack, short for Key Reinstallation Attacks, were made public.
It turns out the attack is “exceptionally devastating against Linux and Android 6.0 or higher,” although all Wi-Fi devices are susceptible to it, regardless of operating system.
Researchers explained that Android 6.0 and above has a vulnerability that would make it “trivial to intercept and manipulate traffic sent by these Linux and Android devices.” In total, 41% of all Android devices are vulnerable to this “exceptionally devastating variant” of the attack.
The researchers found a vulnerability in the 4-way security “handshake” that ensures devices and access points have the same password when joining a Wi-Fi network. Because the flaw lies in the handshake itself and the attack does not depend on knowing the password, changing the password of your home router would do absolutely nothing to stop these attacks.
Attackers are able to spy on all Wi-Fi traffic using these newly unearthed exploits because they circumvent the encryption that the Wi-Fi protocol uses to protect traffic. A permanent fix is in the works, but it requires companies and users to update their routers to the latest firmware. Until that happens, everyone operating a device on a Wi-Fi network is at risk. The only saving grace is that a hacker would have to be within range of your Wi-Fi router in order to hack it. If you see a parked van outside your home, then you might have some serious problems.
Regardless of what operating system you might be using, you should stick to encrypted sites and use a VPN to make sure your online activity is protected, and check for firmware updates for your router in the coming days and weeks. If you want to read all the technical details concerning this severe security issue, check out the researchers’ dedicated KRACK site.