Friday, November 10, 2017

The KRACK Vulnerability

Krack is a vulnerability in the normal wireless connection method which allows an attacker to connect to your network and watch all your web traffic - usernames, passwords, credit card details, etc. and it's not the access point (modem/router) that's vulnerable; KRACK targets the devices you use to connect to the wireless network.

Potentially an attacker can 'listen in' and see all the data being transferred.

Modern Windows and Apple computers have updates available and, for Windows, the October update patched this vulnerability, however many devices are not patched - and maybe will never be!

Your Android phone and tablet and your iPhone may not get updated for some time, if ever. And it gets worse if you use modern internet connected devices like central heating systems, washing machines and even toys (the Internet of Things - IoT). These will almost certainly never be patched.

So how dangerous is it? 

Firstly an attacker must be within range of your WiFi in order to make a connection and then he needs to be able to understand the messages he sees - and that will not be easy if they are encrypted, i.e. if you are using website which show the secure padlock and the HTTPS protocol. You could use a VPN (Virtual Private Network) but that's a whole different topic and also brings about its own issues!

Basically you're in less danger than if you use a public WiFi network at your local coffee shop, etc.


Post a Comment

<< Home