Changing your Wi-Fi password will not prevent attacks.A serious new vulnerability called Key Reinstallation Attack or KRACK was announced recently. It will most likely impact anyone who uses Wi-Fi. All Wi-Fi connection points and devices could be vulnerable—your home, local burger joint, barrista, or your workplace Wi-Fi.
KRACK can allow attackers access to important information like credit card numbers, passwords, and emails transmitted over Wi-Fi networks. This vulnerability can also allow attackers to potentially infect your devices with malware or ransomware.
How do you protect your devices against KRACK
- Wi-Fi users should immediately update their Wi-Fi-enabled devices as soon as a software update is made available. Wi-Fi enabled devices are anything that connects to the Internet — from laptops, tablets, and smartphones to other smart devices such as wearables and home appliances.
- Be sure you are on a secure websites using a URL that begins with HTTPS; this provides an extra layer of security because it uses encryption.
- Consider using a secure Virtual Private Network (VPN) to help protect against this threat.
KRACK targets the third step in a four-way authentication performed when your Wi-Fi client device attempts to connect to a protected Wi-Fi network. The encryption key can be resent many times during step three, and if attackers collect and replay those retransmissions in particular ways, Wi-Fi security encryption can be broken. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others.
the attacker can eavesdrop on all traffic you send over the Wi-Fi network. The hack can steal sensitive information (e.g. credit card numbers, passwords, chat messages, emails, photos, etc...). With your password, or SSN, hackers can use it to defame you and try to ruin your online reputation.
Microsoft told Windows Central that a patch quietly rolled out on October 10 protects Windows 10 PCs against KRACK.
“Microsoft released security updates on October 10th and customers who have Windows Update enabled and applied the security updates, are protected automatically. We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates”