What is it KRACK?
You may have heard about the latest security problem with wifi networks and be wondering what this is all about.
Yes this is a serious problem, and YES your home network is vulnerable. Every network is currently vulnerable to this new issue. More importantly, you computers, laptops, phones and other devices are also vulnerable.
What impact is there?
Potentially this impacts an extensive range of devices including Apple, Android, OpenBSD, Linux, Microsoft, smart computers, smart phones, access points, IoT devices etc. The attack cannot be executed remotely; the attacker must be within range of your wireless network ie physically near your Wi-Fi.
So what can happen? An attacker can insert themselves into your network conversations and listen to what is going back and forth. They could also potentially start changing things. If you are communicating over an encrypted link such as using https then an attacker cannot see your information. This means that your passwords will continue to stay secure.
At this time, there is no evidence that an attack tool exists in the wild but they will come sooner rather than later. Until then the attack will only be possible from a skilled attacker, however once easy-to-use tools are available the skill factor is no longer a barrier . Expect to see your neighbourhood hackers attacking your old iPhone or Android device.
What to do about it?
With this in mind you should patch all of your devices soon.
If you have an older device then the manufacturer may not release patches for this issue. This is a problem and you will need to consider upgrading your device to one that is supported.
If you need to ensure the privacy of your network usage then use a VPN to encrypt all your traffic. VPN is a protocol for encrypting all network traffic between two network points. The University has a VPN service that allows staff to connect to the internal University network from most places on the Internet. You will need to find a suitable VPN service for you.
The Bleeping Computer site is keeping an up to date list of patched devices at https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/
KRACK is an issue for all wireless networks. You should apply the security patches as soon as they become available.
Older devices may not receive security updates and are now at risk of becoming a gateway into your network and privacy. As such, sensible disposal is the preferred approach.
For devices where no patch is available you should assume that all traffic from that device can be spied on and potentially altered. Using a VPN to help mitigate this for you.