Wifi Krack Attack Vulnerability

You may have read in the news regarding the Krack Vulnerability. What this is is a way for a hacker to hack any vulnerable Wifi device (for safety - assume every Wifi device) and either inject code into your device through the Wifi, or read traffic that you are sending over Wifi.

What this means is that an attacker only needs to be close to you or can get in between any two devices that are communicating over Wifi while only 'seeing' one of the two devices.

Potential hacks can include:

• Ransomware (lock your computer/data for a fee)
• Viruses/Malware
• Rootkits
• Stealing usernames and passwords for apps or websites that you are logged into
• Reading of data sent back including sensitive account and encrypted website data

As a general rule of thumb, you should be applying security patches to your electronic devices regularly. You should not and this may sound obvious, install or run software from unknown or untrusted sources. If you have older devices that will no longer receive patches, you should consider donating them for recycling or other expert reuse.

You can check this BleepingComputer website to see the current list of affected devices and the companies' response (As of Nov 14, 2017):

https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/

Apple – Patch released (macOS Oct 31st, iOS 11.1)

Android/Google – Patch released, check about phone, build, security patch level Nov 6th

Microsoft – Already patched - You must also update your wifi drivers*

Linux/Ubuntu – Already patched

Most router vendors – Patches coming / Inconsistent patches since Oct 19th

If you want to read up on the exact details of this patch you can go to this website:

https://www.krackattacks.com/

Also, maybe if you like a certain hardware vendor who releases products and does not patch older devices, you should reconsider your affinity to that vendor.

It has been noted in the article below regarding a more serious chip card vulnerability that Fully Open Source Software (FOSS) by its nature is open to scrutiny and much less likely to have vulnerabilities in publicly available products, or at least prevent the public from purchasing devices with built in zero day** vulnerabilities.

https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/

And remember, there are plenty of other vulnerabilities for all device types that never make it to the press. Those are the ones that the hackers really like because they make them money. Patch your devices.

* If your Wifi driver is dated before Oct 16-19th then you should consider upgrading the Wifi Card in your PC to a verified patched Wifi card like the Intel® Dual Band Wireless-AC 7260

** A zero day vulnerability is the name for a type of software vulnerability that you have zero days to respond to patch as the bad code is already running in the affected software and the way to exploit it is now public knowledge, ripe for hacker exploitation.