Today, security researchers published a paper detailing a serious vulnerability in WPA2, the protocol that secures most Wi-Fi networks today, including the one in your home. Here’s how you can protect yourself from intruders.

What is KRACK and should I be worried?


KRACK is short for Key Reinstallation Attack. When you connect a new device to a Wi-Fi network and enter a password, a four-way handshake occurs to ensure that the correct password is used. However, by manipulating part of this handshake, an attacker can see and decrypt much of what happens on a Wi-Fi network, even without knowing the password. (If you’re technically and security minded, you can read the full paper for more details.)


By gaining access to your network in this way, an attacker can see much of the data you transmit or even inject their own data — such as ransomware and other malware — into the sites you visit (at least those that use HTTP — sites that use HTTPS should be safer from injections).

At the time of this writing, almost all devices are vulnerable to KRACK, at least in one form or another. Linux and Android devices are most vulnerable due to the fact that they use a specific Wi-Fi client — it’s trivial to see large amounts of data being transferred by these devices. Please note that KRACK does not reveal your Wi-Fi password to an attacker, so changing it will not protect you. However, WPA2 is not irrevocably broken — the problem can be fixed with software updates, which we’ll talk about in a moment.

Should you be worried? Yes, at least a little. If you are in a single-family home, you are less likely to be targeted than, for example, if you are in a busy apartment building, but while you are vulnerable, you must be vigilant. It’s probably a good idea to stop using public Wi-Fi, even password-protected, until a fix is released.

Luckily, there are a few things you can do to protect yourself.

How to protect yourself from KRACK attacks

This is a serious security issue that is likely to be prevalent for quite some time. However, here’s what you should do right now.

Keep all your devices up to date (seriously)

You know how your computer and phone constantly annoy you with software updates and you just click “Install Later”? Stop doing that! Seriously, these updates fix exactly these kinds of vulnerabilities and protect you from all sorts of nasty things.

Fortunately, as long as one device in a pair is fixed — either the router or the computer/phone/tablet connected to it — the data transferred between them should be secure.

This means that if you update your router’s firmware, your home network should be secure. But you’ll still want to update your laptop, phone, tablet, and any other device, since you may take them onto other Wi-Fi networks that are not patched. Luckily, your computer, phone, and tablet will notify you of updates. Here’s what we know is fixed right now:

  • Windows PCs running Windows 10, 8, 8.1, and 7 are fixed as of October 10, 2017, if all updates are installed.
  • Macs are fixed as of October 31, 2017, if they have installed macOS High Sierra 10.13.1.
  • iPhones and iPads are fixed as of October 31, 2017, if they are running iOS 11.1.
  • Android devices should be fixed starting with the November 6, 2017 security patch, which will be rolled out to Nexus and Pixel devices. Other Android devices will receive updates as they are released.
  • Chrome OS devices should be fixed as of October 28, 2017, if they have installed Chrome OS 62.
  • Most computers running Linux should be fixed if they are kept up to date. Ubuntu 14.04 and later, Arch, Debian and Gentoo have all released fixes.

This is good to know, but you should also check your router manufacturer’s website periodically for router firmware updates — if you have an older router, it may not get an update, but hopefully many newer ones will. (If yours doesn’t have an update, it might be a good time to replace the router — just make sure your new one is patched against KRACK before you buy.)


At the same time, if your router is not fixed, it is imperative that every device on your home network is. Unfortunately, some may never get fixes. For example, Android devices do not always receive timely updates, and some may never receive them for KRACK. Smarthome devices can also be problematic as they can still receive malware that makes them part of a botnet. Keep an eye on firmware updates for any other Wi-Fi connected devices you use and email the manufacturers of those devices to see if they have released or plan to release a fix. Hopefully, since this vulnerability is already gaining so much attention, device manufacturers will be keen to release fixes.

Here is a running list of devices that have been patched or will receive patches soon.

Use HTTPS on sites that support it (you probably already do)


While you wait for your devices to receive patches, take care of your personal data. If you’re doing something sensitive over the Internet — email, banking, any site that requires a password — make sure you’re doing it over HTTPS. HTTPS isn’t perfect, and some sites haven’t implemented it properly (like Match.com, as researchers have shown), but it should still protect you in many situations.

Luckily, more and more sites are using HTTPS by default these days, so you don’t have to do anything — just make sure you see that little padlock icon when you connect to any site that requires a password or credit card details. And make sure the lock icon stays there while you’re browsing the site, as an attacker could try to remove the HTTPS protection at any time.

Change the default settings on your router and other devices


Even if your router is fixed, it does not mean that it is protected from other attacks. Someone can compromise one of your devices with a KRACK attack and then install malware that attacks your network in other ways — like logging into your router using its default password. Make sure you don’t use the default password on any device in your home, make sure your router is using WPA2 with AES encryption, and disable insecure router features like WPS and UPnP. These are all the basic things everyone should be doing, but now is the time to double check.
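One way to check the Wi-Fi part of this advice for your own network from a Linux machine, as an added example that is not from the original article: the script below audits scan text laid out like the output of `iw dev wlan0 scan`, where AES appears as the cipher name CCMP. The sample networks and the function name `audit_scan` are constructed for illustration; UPnP and default passwords are not visible in a scan and still have to be checked in the router’s admin page.

```python
import re

# Constructed sample, laid out like `iw dev wlan0 scan` output (not real networks).
SAMPLE_SCAN = """\
BSS 02:00:00:aa:00:01(on wlan0)
    SSID: home-good
    RSN:     * Version: 1
             * Group cipher: CCMP
             * Pairwise ciphers: CCMP
             * Authentication suites: PSK
BSS 02:00:00:aa:00:02(on wlan0)
    SSID: home-mixed
    WPA:     * Version: 1
             * Group cipher: TKIP
             * Pairwise ciphers: TKIP
    RSN:     * Version: 1
             * Group cipher: TKIP
             * Pairwise ciphers: CCMP TKIP
    WPS:     * Version: 1.0
BSS 02:00:00:aa:00:03(on wlan0)
    SSID: home-open
"""

def audit_scan(text):
    """Map each SSID in iw-style scan text to a list of hardening findings."""
    report = {}
    for block in re.split(r"\n(?=BSS )", text):
        ssid = re.search(r"^\s*SSID: (.*)$", block, re.M)
        if not ssid:
            continue  # fragment without an SSID line: nothing to report against
        lines = re.findall(r"(?:Group cipher|Pairwise ciphers): (.*)", block)
        ciphers = set(" ".join(lines).split())
        findings = []
        if not re.search(r"^\s*RSN:", block, re.M):
            findings.append("no WPA2 (RSN) advertised")
        if re.search(r"^\s*WPA:", block, re.M):
            findings.append("legacy WPA (v1) still enabled")
        if "TKIP" in ciphers:
            findings.append("TKIP offered; allow AES (CCMP) only")
        if re.search(r"^\s*WPS:", block, re.M):
            findings.append("WPS enabled")
        report[ssid.group(1).strip()] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_scan(SAMPLE_SCAN).items():
        print(name, "->", findings or "OK")
```

An empty findings list means the network advertises WPA2 with AES only and no WPS, which is the configuration recommended above.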

Run antivirus and anti-malware on your PC


This goes without saying — because you should already be doing this — but make sure you have decent antivirus and anti-malware software running on your computer. KRACK attacks can be used to inject malware into the sites you visit, and “simply using common sense” will not protect you. We recommend using Windows Defender, which is built into Windows 8 and 10, for your antivirus, and Malwarebytes Anti-Malware to protect against browser exploits and other types of attacks. Even if all your devices are fully patched against KRACK, you should still use these programs.



In short, this vulnerability is serious, and the only way to truly protect yourself is to make sure your router and all Wi-Fi-connected devices are up to date. But while we wait for those updates, basic computer security can go a long way: use HTTPS wherever you can, don’t use default passwords on your devices, run antivirus and anti-malware programs, and update your software as soon as you are notified. You don’t want to be attacked only to realize that five minutes of updates could have kept your data safe.
