Until devices using Wi-Fi have a security patch for the KRACK vulnerability, follow these steps to help protect them:
Security researchers 1 discovered a major vulnerability in Wi-Fi Protected Access 2 (WPA2). WPA2 is a type of encryption used to secure the vast majority of Wi-Fi networks. The WPA2 network offers unique encryption keys to each wireless connection client that connects to it.
Think of encryption as a secret code that can only be cracked if you have the “key,” and as a vital technology that helps keep digital data out of the hands of intruders and identity thieves.
In reality, the vulnerability, also called “KRACKs” (Key Reinstallation AttaCKs), is a group of several vulnerabilities that, when successfully exploited, could allow attackers to intercept and steal data transmitted over a Wi-Fi network. Digital personal information transmitted over the Internet or stored on connected devices, such as driver’s license numbers, Social Security numbers, credit card numbers, and more, may be vulnerable. All of this personal information can be used to commit identity theft, such as accessing your bank or investment accounts, without your consent.
In some instances, attackers can also manipulate web pages, turning them into fake sites to collect your information or install malware on your devices.
What you should do?
Wi-Fi users should immediately update their devices that access the Wi-Fi network as soon as a software update becomes available. Devices that access the Wi-Fi network are all those that connect to the Internet, such as notebooks, tablets and smartphones or smart devices, such as wearables and home appliances.
Should you change your Wi-Fi password?
No. This vulnerability does not affect the password for the router’s Wi-Fi network. Even if your Wi-Fi network is password-protected, this new vulnerability continues to put your data at risk because it affects the devices and the Wi-Fi network itself, not your home router, which is what the password protects.
The researchers who discovered this vulnerability claim that the attack could be catastrophic especially in relation to version 2.4 and later of wpa_supplicant, a Wi-Fi client widely used on Linux and Android 6.0 and later.
If you are using an Android phone, you will need to visit the manufacturer’s website to see if a new patch is available for the vulnerability.
Are hackers already exploiting this vulnerability?
Not yet. However, as with many newly discovered vulnerabilities, it is only a matter of time before hackers discover ways to exploit this hole to their advantage.
What else can you do to protect your connected devices while you wait for a software update?
Keep in mind that it may take a long time for device manufacturers to release a security patch. In the meantime, you can take some steps to protect your devices.
We recommend that users install and use a reputable VPN on all mobile devices and computers before connecting to any Wi-Fi networks. Using a VPN (virtual private network) on smartphones and computers will encrypt your web traffic , and your data will be safe against hacker interceptions. A VPN creates a “secure tunnel” where information sent over a Wi-Fi connection is encrypted, protecting data sent and received by the device.
Norton Secure VPN uses banking-standard encryption, employing the same encryption technologies implemented by major banks, so you can rest assured that your information stays safe and secure. With Norton Secure VPN, you can also browse anonymously and protect your privacy. Hide your location and online activities with this log-free VPN that encrypts your personal information without ever storing your location or online activities.
By adding a secure VPN, such as Norton Secure VPN, your web traffic will be further encrypted and protected from interception.
Additionally, by exclusively using sites that use HTTPS, your web traffic will also be encrypted by SSL and can be better protected against this vulnerability. Browsing with HTTPS adds another layer of security, using encryption through the website you are accessing.
