KRACK is a bug that can affect any device with Wi-Fi capabilities. However, the news isn’t all bad. There are silver linings that come from any catastrophe.
Cybercriminals are trying to get your devices “hooked on” KRACK (the Key Reinstallation Attack)–It’s a flaw in the WPA2 protocol, the security used on wireless networks.
Since 2006, WPA2 has been used on all certified Wi-Fi hardware. It’s meant to protect the Wi-Fi connection between your computer and router by encrypting traffic using the most updated standards. What this means is simple: Your data is encrypted so anyone who sees your traffic can’t understand it because it’s a bunch of “mumbo-jumbo.” That is until now.
KRACK can “crack” your security and read your traffic (like your confidential personal and business data). Just when you think you’re safe, something else comes along to threaten your business.
Here’s the “Good, Bad, and Ugly” on KRACK.
The Good: You May Be Ok, for Now.
For those of you who like getting the good news first, here it is:
- Although the quantity of people who could be affected is huge, the actual damage may be minimal.
- A hacker must be within Wi-Fi range to take advantage of KRACK’s capabilities.
This is good news because it means that a hacker can’t carry out an attack over the internet from a distance, but must be physically present and within range of a network.
Plus, only one network can be exploited at any given time by one hacker. This inconvenience is your saving grace: A hacker can only attack after a lot of thought and preparation beforehand. So, for most of us, we’re likely out of the “bulls’ eye.”
Golden Rule Revisited: Stay Off Public Wi-Fi. KRACK re-enforces what you’ve been told over and over again: Don’t use public Wi-Fi. It’s not secure. It makes it all the more easy for a hacker to go to the local coffee joint and hack into your devices.
Anyone who uses Wi-Fi is susceptible. That said, a successful attack on your device may be difficult to execute. Even if successful, the reward to the hacker may be limited. If someone wants to exploit this bug to hack into your device, it would demand a lot of preparation to the point where it may not be worth it.
This bug confirms what we have always known: Don’t Use Public Wi-Fi!
The Bad: The Harm Can Still Potentially Affect You.
Everyone knows crack is bad for you, even if they consume it, they still know it’s bad. KRACK, likewise, is bad. But unfortunately, it’s not a choice, unless your choice is to live without the devices that make our lives so much more convenient.
Although you’re likely not a target of a KRACK hacker, a problem still remains: There’s a serious flaw in our devices’ security technology. Patches for the bug are required, but they weren’t immediately available. However, hours after news of KRACK was made public, Microsoft had a patch already created, while Apple and others quickly followed with their own patch. ( If you use an Android device, Netgear or other brands, you may still be waiting for a patch.)
As said, KRACK is a weakness in the WPA2 system. When the WPA2 system is weakened, a hacker can get into it, and from that access point can either eavesdrop on your traffic that’s now unencrypted, or insert ransomware or malware to compromise your computer, iPhone, or other devices.
We’re just learning about KRACK, when manufacturers have known about it for an entire month!
But access to a patch for your own devices isn’t the only problem or, for that matter, patching isn’t necessarily a solution to the problem. Does Equifax ring a bell?
That’s right. A lot of large companies have your confidential information. The likely target of a KRACK hacker is a big company. If a hacker can get into a company’s network, then access to volumes of private information can be stolen. If your information is included, then you have a battle on your hands to protect your identity, finances, and everything else that matters in the digital world we now inhabit.
The Ugly: The Future of the Internet of Things is in Question.
The Internet of Things (IoT)–That was our future. A convenient interconnection of all our devices and appliances via the Internet–Where computing devices are embedded into everyday objects so they can send and receive data. Are you low on milk? Your refrigerator can send you a text. Are you stuck in the middle of traffic and want the stove turned on or off? Just tell it to do so via your phone. It’s nice having your security camera system, too, right? You can logon and see what’s happening in and around your house. These are all conveniences that we appreciate and can use to our benefit.
But we should wait a minute and reflect. The Internet of Things and all that makes it beautiful is now a possible threat. It could be years before any of these items get their own patches. What’s more, you may not even realize they need a patch. Imagine if someone intercepted your Internet of Things devices, say your garage door opener–That’s right, the hacker can now access your home conveniently and secretly, especially if they also hacked into your security camera system.
This isn’t to say all your devices connected to Internet of Things are vulnerable (though they are); but KRACK highlights the deeply flawed security network for the Internet of Things.
KRACK reminds us that everything digital can be hacked–And once all our things become connected and digital, we can be hacked, exploited, and victimized. Every rose indeed has its thorn. We try to make life a little simpler, and we just make it more complicated.
The ugly though, is always about perspective and innovation. The tech industry has taken note of the problem KRACK revealed. Auto-updates and other measures are being assessed so that when KRACK or other bugs occur, countermeasures can quickly be put into place to reinforce security and reduce threats. These measures, however, are not currently in place, that’s the ugliest part of the problem but also an indication of a hope for a solution.