Security researchers have recently published a wireless exploit titled “Key Reinstallation Attacks” (abbreviated as KRACK), indicating users of any wireless device currently face a severe security risk.
This vulnerability affects any device that uses the Wireless Protected Access 2 (WPA2) security mechanism. WPA2 is currently the industry’s most popular and recommended security standard for 802.11 wireless networks.
In some cases, this vulnerability may allow an attacker to manipulate data on a Wi-Fi network, or inject new data. This means hackers could steal user passwords and financial data, or even manipulate commands to wire money to themselves.
Please note: an attacker needs to be physically in range of a target Wi-Fi network to carry out the attacks.
To prevent possible attacks, you must update affected devices as soon as security updates become available.
To reiterate, every Wi-Fi device is affected by this vulnerability. This includes end-user devices such as smartphones, tablets, and laptops; as well as IoT products like smart thermostats, fridges, locks, etc.
If you are concerned about the KRACK wireless exploit, please note that it affects your mobile devices and IoT devices on any network you connect to. You should use wireless networks with caution until each device manufacturer issues an update and it has been applied.
Therefore, you should take these defensive steps:
- Update your personal devices to latest firmware as soon as it becomes available.
- Make sure your frequently visited sites (e.g. Facebook) and financial services websites (e.g. banks) show a lock on the browser tab to indicate a secure connection.
- Be aware of who is using your Wi-Fi network since any potential attack must be issued within physical range of the network.