Security Updates - Krack

Up to date information on the most asked about topics
Post Reply
[Ben]
Posts: 325
Joined: Sun Jan 17, 2016 5:10 pm
Contact:

Security Updates - Krack

Post by [Ben] »

So earlier this week, a research paper was publicly published explaining a new exploit known as "KRACK", which is somewhat throwing the internet into a massive panic.

Krack is an exploit that defeats WPA 2 Encryption making data sent from your device to your router can be intercepted, read and in some cases manipulated. For the uninitiated, just about every form of WiFi adapter on the planet uses WPA2 encryption, so in short this exploit effects the entire globe.

A slightly more detailed explanation for those interested: An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

Now the tools for using this exploit have not been released yet, and the authors of the paper are intent on giving the industry sufficient time to patch the exploit, but eventually it will be available by nefarious asshats which could put you at risk.

So far Microsoft have already released a security update for windows 7,8 and 10 over the weekend. (I ironically uninstalled it, because it broke my Total War: Warhammer 2, but rest assure i will be reinstalling it now). Other companies like Apple and Google are working on patches that should come out in the next few weeks.

The most important thing you as a user needs to do is to look out for updates on your devices you use: Phones, laptops, desktops, tablets etc. This means OS software as well as drivers for things like network adapters, intel have already started patching chipsets in many of their laptops.

Secondly checking for and updating the firmware of your router will be an extra measure you can take. Although Krack primarily focuses on attacking the client and not the access point, it certainly won't hurt to update the firmware of your router to help protect against tweaks to krack that want to try and come in the other way. Updating router firmware will probably be a longer wait for manufacturers to get the fixes out, but it's something to keep in mind.

Finally another protection you can take is installing browser extensions such as "HTTPS Everywhere", KRACK does not defeat the HTTPS encryption consistently, there are some specific circumstances where it can, but you will be better off in general always browsing with HTTPS.

Over the next few weeks, everyone should be keeping an eye out for software updates to their devices to help keep them protected.

Regards,
Ben.
You couldn't script your way out of a cardboard box.
ashley
Posts: 328
Joined: Mon Jun 01, 2015 1:51 pm
Contact:

Re: Security Updates - Krack

Post by ashley »

Added this to Global Announcements.

Also is this wireless only or will it affect me if I have an ethernet connection?
StRiKeR
Posts: 293
Joined: Sun Jan 17, 2016 5:10 pm
Contact:

Re: Security Updates - Krack

Post by StRiKeR »

ashley wrote: Tue Oct 17, 2017 6:18 pm Added this to Global Announcements.

Also is this wireless only or will it affect me if I have an ethernet connection?
WPA 2 stands for Wi-Fi Protected Access 2, so is a wireless security measure. If you run everything via cable with the WiFi net off you are fine, but I suspect you may still have devices like a smartphone, tablet, smart TV, whatever in your household that may use a wireless connection to your router? The traffic from and to those devices can potentially be attacked.
[Ben]
Posts: 325
Joined: Sun Jan 17, 2016 5:10 pm
Contact:

Re: Security Updates - Krack

Post by [Ben] »

Update to this - For Apple devices IOS 11.1 contains security updates to patch the KRACK vulnerability.
You couldn't script your way out of a cardboard box.
Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests