KRACK – Key Reinstallation Attack
So a huge announcement came up on the internet like a week ago that took the entire world by a storm and i
t was about KRACK ! Basically its a security flaw in the WPA2 security (commonly used by everyone) . So it might attack everyone who uses a Wi-Fi ! It will target every devices available mobiles,tablets,pcs,laptops etc as long as they are on a wi-fi network !
A Bit More About KRACK
It’s a type of man in the middle attack . It was discovered in 2016 by the Belgian scientists Mathy Vanhoef And Frank Piessens but it was released public-ally a week ago and everyone is in disbelief ! A hacker will easily be able to access your data or inject some virus and ransomware into your computer .
How Does KRACK Works ?
So when you are connected to your wifi network it sends your signals to the server that are encrypted end to end or in simple words its like a packet that cannot be opened by anyone without a password or a key . This encryption is done by a key and with a particular process known as a 4 way handshake . During the 3rd message a key is installed in your wifi signal . If someone has operated a KRACK attack onto you then instead of a random key generated by the
Wi-Fi router the hacker will install the key or he’ll get that key and he’ll start duplicating it and then the message will not be encrypted anymore it will be an open signal which anyone with suitable tools and knowledge can extract or by with softwares like wireshark ! If the attacker does not want to duplicate the key he might reinstall another key or simply a blank key i.e all zero ! then it’ll be easy for anyone to extract information from it !
Android 6.0 + And Linux User On High Risk
Al tough this attack can be performed on any platform but the Linux and Android Devices running android 6.
0 or higher are at a high risk as when performing the above attack on these platform the hacker does not need to duplicate the key he can simply remove the key and re install a blank or a zero key ! This is scary ! In such a case your message will be simply not protected !
However this thing cannot be done on devices running Windows , Ios Etc
What To Do Now ?
1) Refrain Using Wi-Fi’s
Yes the most obvious and the best reason to avoid it is just by staying away from wifi as without wi-fi connectivity this attach won’t be possible ! Try using other methods of internet like a dial up connection or a ethernet connection
2) Wait For Updates !
Many companies are already working to release updates on the above mentioned threat and they’ll be available in a day or two to everyone ! Microsoft has also released an update 4-5 Days ago .
3) Look Out for the “S”
Yes and probably the most important thing do not open or entire any confidential data on sites without a s in http as they are not fully secure and the data can easily be obtained using softwares like wireshark ! Just double check a website for a s before proceeding ahead .
That all folk’s !