October 19, 2017 | 5 min read
How to Avoid the Latest Massive Wi-Fi Hacking Attack
This time attackers focused on the WPA2 protocol, the security standard used in all modern Wi-Fi networks. The weakness found in WPA2 allows anyone to break this security system and steal the data transferred between your wireless device and a router. This way, intruders can access your passwords, photos, and messaging history. What’s more, the attacker can inject a virus, malware, or ransomware into websites, in case the network configuration allows.
This vulnerability may affect any device running iOS, Android, Windows, Linux, and OpenBSD operating systems. Basically, everyone who’s connected to the internet wirelessly is at risk. Despite this vulnerability is quite serious, there are some exceptions:
An attacker needs to be within the Wi-Fi signal range between your device and a nearby wireless spot.
Most sensitive communications, like financial data transmission, have already been secured using the Secure Sockets Layer (SSL) protocol. This is a standard security technology for establishing an encrypted link between a server and a client. The SSL technology allows credit card details, social security numbers, and login credentials to be transmitted securely, so the malware couldn’t do any harm to sensitive information.
To help Wi-Fi hardware vendors to produce security updates, The United States Computer Emergency Readiness Team (US-CERT) has published a list of hardware vendors known to be affected by the attack, as well as links to available advisories and patches.
According to the Wi-Fi Alliance statement, it has also joined the problem resolution. Due to the implementation of the software updates, the Wi-Fi Alliance ensures that Wi-Fi technology has already applied strong security protection mechanisms.
Good news for those running the newest Windows and iOS versions: the “KRACK” attack won’t affect their devices. Meanwhile, Android devices are still vulnerable, however, some security patches are expected to be released soon.
To avoid this Wi-Fi attack, we recommend you to follow these steps:
Try to connect any devices to your router using an Ethernet cable.
Carefully read the update instructions before updating your devices.
Surf the web using an HTTPS Everywhere browser extension (Firefox, Chrome, and Opera) or browser add-on. They force any site supporting https:// connection to encrypt your communications with the website.
Follow our blog for more IT news. Stay secured!