The popular security site Wordfence recommends updating all Wi-Fi accessible devices, starting with mobile phones and tablets that could connect through public Wi-Fi. The security issue allows hackers to crack your Wi-Fi WPA2 encryption. WPA2 is the encryption protocol that secures 60% of the world's Wi-Fi connections.
Wordfence says, “The Wi-Fi vulnerability is being called ‘KRACK’, which is short for Key Reinstallation Attacks.”
At home, you’ll need to update your router firmware and any other devices that connect through Wi-Fi. Most vulnerabilities will be fixed by updating your router’s firmware. However, updating your home Wi-Fi firmware doesn’t protect you from public Wi-Fi vulnerabilities, so be sure to check for updates to your devices as well.
According to Wordfence:
A worst-case scenario has unfolded today for Wi-Fi devices. Researchers at a university in Belgium discovered a way to completely defeat the encryption that WPA2 provides on Wi-Fi networks.
This affects all modern Wi-Fi equipment, from mobile phones to tablets to workstations, routers, printers and more. This is a big deal and has very widespread security implications.
Wordfence has released a public service announcement about this issue (a PSA) due to its wide impact. We provide a description of what the problem is and what to do about it, along with additional resources.
Products that are known to be affected by this at this time include Android, Linux, Apple, Microsoft Windows, Linksys and more. The list of affected vendors is enormous, and vendors including Amazon, Cisco and Netgear are scrambling to release patches to fix this issue.
BleepingComputer has compiled a running list of vendors that will be growing over time as more information about patches becomes available.
In addition to the KRACK security issue, Wordfence is also alerting users to another attack:
Another vulnerability known as “ROCA” was also announced this week. This vulnerability involves an attack on public key encryption which may weaken the way we authenticate software when installing it. It affects many other systems that rely on public/private key encryption and signing. Fixing this also requires you to update your devices using vendor-released software updates, so keep an eye out for security updates for your devices and workstations that fix any ROCA-related issues.
The combination of KRACK and ROCA is why we are referring to today as “Black Monday.” These are both severe vulnerabilities, and they emerged on the same day.
Below you can find more info on this vulnerability and which companies have a fix so far.
The Telegraph article listed below offers this advice to protect yourself in the meantime:
Krack attack | What to do about it
- First things first: make sure you have a password on your Wi-Fi network. If you don’t, you’re at risk of all kinds of attack
- If possible, try not to connect to unsecured Wi-Fi networks – these are often seen in hotels, coffee shops and other public spaces. You can tell if a network is secure by a little padlock next to it when you’re selecting the network
- The Krack attack affects secure networks, relying on a flaw in the “handshake” between device and router to insert a new “key” that can decrypt communications, potentially stealing passwords and credit card data
- Most banking and online shopping websites use https, an encryption technique that protects you from this flaw. You can check by the little padlock in the top left of the screen by the address bar
- The best thing you can do is update your router and devices like smartphones and PCs. Check who makes your router and try their website to find out how to patch it. Updates may not yet be available. Microsoft, Google and Apple have issued or plan to issue updates.
- Security experts say that in the meantime, if you’re really concerned, you should use a “virtual private network” (VPN) such as NordVPN or TunnelBear.