Krack Attacks - WiFi Issue - The realistic risk to you

By : Administrator
Published 24th October 2017 |
Read latest comment - 1st November 2017

There has been a lot of noise and hype about the WiFi WPA2 encryption vulnerability and I must admit I didn't really understand what the implications were or how worried we should be.

In a nutshell, the vulnerability is with the encryption handshake a device makes to the WiFi router. 

In simple terms the handshake is a series of messages a device (phone, laptop etc) needs to connect securely to a WiFi router. It goes like this:

1. hello world, I'm the WiFi router and anyone with the right password can connect.

2. Hello router I'm a trusted phone, can you send me the encryption key.

3. No probs phone here is the key.

4. Thanks Router got it, lets send lots of data securely.

The Krack Attack is where it makes the router resend message 3 (the encryption key) by inserting some noise, so the router thinks the phone didn't get message 4. At this point the router will reset the encryption variables  which is where there is the potential for another device to decrypt or insert code.

In reality, few people really care about your home network, or even your office network. The real threat is more likely to be in public WiFi spots such as coffee houses, garages while you get your car serviced, libraries etc. But as with any public network common sense and basic security will serve you well.

Don't browse or look at anything that's sensitive in a public network. eg don't do your online banking in the Coffee Shop!

If you want to learn more about it and fancy going a bit techy, there is a great video to watch below.

 


Steve Richardson
Gaffer of My Local Services
My Local Services | Me on LinkedIn
Comments

Blimey, nowhere is safe! Thanks for the info Steve.


Many thanks,
Natalie - Your Local Girl Friday

I'm definitely very wary of open WiFi and in fact they rarely support what's app so I tend not to use them anyway as that's my main form of communication on my phone. 

Thanks for the info, I'm sure some people are overly paranoid and some are totally oblivious to potential risks. 

Would something like using PayPal to buy something on eBay be risky on public WiFi? As I bet lots of people do that sort of thing without a second thought these days. 


Would something like using PayPal to buy something on eBay be risky on public WiFi? As I bet lots of people do that sort of thing without a second thought these days. ”
 

Absolutely, Paypal, banking or anything reliant on secure credentials. 

As with most security, most of it can be covered off with a little commonsense and being  a little streetwise.

Few people will be trying to hack your average home WiFi network, but make sure you do use complex passwords, use an up to date decent antivirus and malware (not a freebie one) and if you are sat in the Premier Inn using their WiFi, it's probably not the best time to check your online banking 


Steve Richardson
Gaffer of My Local Services
My Local Services | Me on LinkedIn

“few people will be trying to hack your average home WiFi network, but make sure you do use complex passwords, use an up to date decent antivirus and malware (not a freebie one) and if you are sat in the Premier Inn using their WiFi, it's probably not the best time to check your online banking 
 

Hmmmm see we do use a free one that my husband, who used to work in software testing, insists is decent enough...   


Hmmmm see we do use a free one that my husband, who used to work in software testing, insists is decent enough...   
 

Hubby will know best because us hubbies do  I'm more of the old adage, you get what you pay for.

Years ago in my IBM days when I could still spell techie, there were a number of free AV products that were left wanting. A popular free one used to be AVG which regularly got trounced and caused all sorts of problems.

No doubt it's all tickety boo now, but if I have a choice of taking my car to a garage versus my mate doing it for free, I'll always pay for a professional service 


Steve Richardson
Gaffer of My Local Services
My Local Services | Me on LinkedIn

Depends if the mate is a qualified mechanic surely? 


Depends if the mate is a qualified mechanic surely? 
 

Suppose it will help, but it's nicer having the car fixed undercover in a garage with access to the proper tools, rather than Bob with his Swiss army knife. Plus it's the only time the car gets a clean 


Steve Richardson
Gaffer of My Local Services
My Local Services | Me on LinkedIn

This Thread is now closed for comments