Security breach in the WiFi encryption
In a nutshell
- Official title: KRACK (Key Reinstallation AttaCKs)
(here a link for the documentation of KRACK)
- The cause of this security breach is the so called 4-way-handshake method.
(here a Video Explanation)
- In general, every operating system is at risk. But especially Android and Linux are particularly endangered because of the so called program wpa_supplicant.
- Thereby it is possible, that Data can be manipulated.
- Good news: You just need to update your device. A new encryption standard is not needed.
- Manufacturer must prepare and publish the appropriate patches. It doesn’t matter, if you update your router or your smartphone, pc, etc. Just a update for one of the devices is enough. (It seems impossible that old and cheap devices will get an update)
- This security breach is until yet just theoretical. There were no incidents yet.
What you should do or rather pay attention at
- You should always check, if HTTPS (recognizable at the green look) is available for the website, since it is possible even with security breach to surf safely in the internet. There are already a lot of websites available, which offer this possibility. For example, the JGU, different kinds of search engines, E-Mail-provider, etc.
- It is still possible to surf in the web or writing some mails, like I said in the statement above. But you should always be careful, to NOT use or send sensible information under HTTP.
- Be sure to use an Ethernet cable, until this problem is fixed.
- It is also safe to use an VPN tunnel. Just be sure to not use a free tunnel, since they collect a lot of data from you.
- You should occasionally check your system for updates. For the next weeks there will be some patches, which will close this security breach. Windows and Apple Beta user already got this update. Normal Apple and Android user will get this update in the coming weeks. Other manufacturer like Intel, Cisco, Netgear, Aruba, etc. already released a patch.
- Temporary to change your WiFi encryption to for example WEP isn’t helpful. It’s even a worse standard, because WEP was already cracked and is even easier hackable than WPA2.