Don’t worry too much about KRACK but minimize the usage of public WiFi for some time. “The scope of attack using KRACK is relatively narrow but yet it can serve as a tool for attackers,” said Andy Patel, security researcher for F-Secure Research Labs. “Even after this, if the tools for doing this attack are made extremely easy to use then the miscreants are sure to use them anyway.”
A flaw in the WPA2 standard, which is used by almost all WiFi devices, can be exploited to extract information such as messages and banking details, and even to intercept sensitive files, according to the same academics who discovered the WiFi security vulnerability. However, the attacker must be near the access point, and the website must lack proper encryption of the user’s data.
Use of KRACK for anything other than research is rare, but it is possible. Public WiFi networks are the most preferred target for this attack, as they are usually not well secured. Patel calls them “fundamentally insecure”.
Sky is the most popular provider of public WiFi in the UK. Another company named Cloud has over four million users per week and over 20,000 WiFi hotspots in the UK. Free WiFi hotspots are usually provided by the same company.
Pubs, hotels and other companies have to pay Sky customers in order to be a part of it. According to the terms and conditions for pubs, Sky has to provide an Edge router that acts as a hotspot. Business networks are also vulnerable to the KRACK attack, as they have lots of users connected to one access point.
You must be wondering what can be done. Public spaces and offices running WiFi routers and hardware need to update their systems. Sky is working out whether its products require a fix for KRACK attacks. A spokesperson said that customers will be informed if any action is required. If an update comes out, it will be pushed out automatically.
Consumers need to update as well. Mobile phones and tablets should be updated to the latest software as soon as manufacturers release the updates.
Patel recommends the use of the Cloud VPN (Virtual Private Network) over public WiFi access points.
Turning to home routers, BT and Virgin have stated that they are aware of KRACK and are checking whether their devices need an update. TalkTalk is also looking at whether any update is required.
Some other companies have already issued fixes for the KRACK vulnerability. Apple says that it has made a fix for iOS, macOS, and its TV and Watch operating systems, which will be included in an update coming in a few weeks. Microsoft says that it released its update on October 10, and Google says that it will issue a fix in the “coming weeks”.
Moreover, Cisco has issued a security advisory that gives details of all the affected products, Intel has done the same, and the WiFi Alliance has issued new guidelines on the issue.