A serious Wi-Fi vulnerability was revealed yesterday, affecting nearly every Wi-Fi network and device using WPA or WPA2 security encryption. The Wi-Fi exploit, first reported by Ars Technica, takes advantage of a particular security flaw in the WPA2 wireless security standard, allowing attackers to intercept personal data as well as insert malware into websites a user visited.
Attackers can potentially gain access to encrypted information like usernames, passwords, and credit card data. Luckily, companies are already patching the flaw in order to prevent this potential hack from happening, but you'll need to do a little work on your end and update your devices.
Image credit: John Moore/Getty
The vulnerability, KRACK (short for Key Reinstallation Attacks), tricks a wireless access point into reusing an in-use encryption key, allowing the attacker to decrypt and read data that was meant to stay encrypted. "Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by some variant of the attacks," said the researchers who uncovered the vulnerability.
How to Fix It
The easiest way to protect yourself? Update your device — that is, wait until the manufacturer does. Microsoft already released a software update on October 10 for supported versions of Windows, fixing the vulnerability before it affected anyone. Apple says it has patched the issue in upcoming updates for its products, according to 9to5Mac. We've reached out to see when the patches would be released.
The US Computer Emergency Readiness Team (US-CERT) has compiled a list of manufacturers that have been notified about the vulnerability, as well as whether or not they have provided information concerning updated devices. Be sure to check if your wireless router's manufacturer is on the list, and update your router following their instructions.
As always, you should steer clear of public Wi-Fi networks if you can help it, and continue to use WPA2 encryption on your devices, as it's still the most secure option available.