Image Source: NextAdvisor
Hacks have been making headlines quite a bit recently. Before the Equifax hack, the presidential elections of the United States and France were both suspected to be hacked. There was also the recent cybersecurity breaches of U.S. nuclear power plants. Of course, we’d be remiss to forget the FBI iPhone hack that left San Francisco iPhone app developers and Apple itself up in arms.
This newest cybersecurity flaw is known as a key reinstallation attack (KRACK). And practically anyone who uses WiFi is vulnerable.
A Brief History of the Hack
The WiFi Protected Access II (WPA2) protocol protects most modern WiFi networks. When someone new joins a network using WPA2, an encryption key is generated.
Mathy Vanhoef, a cybersecurity researcher at Belgium’s KU Leuven, accidentally found an underlying security flaw in this process. He realized that if it was exploited, a hacker could spy on a victim’s phone and gain access to personal data like passwords and credit card information.
How You’re Vulnerable
Essentially, the hacker tricks the victim into reinstalling a key already in use by the hacker (hence the name) through the manipulation of cryptographic handshake messages. Once complete, instead of encrypting the traffic out, this new key allows for all communication to be readable by the hacker.
This scenario is known as a “man-in-the-middle” attack because the hacker secretly intercepts the communication between the wireless access point (WAP) and the wireless client (your phone, tablet, computer, etc.). The KRACK flaw is inherent, so any device using WPA2 correctly is vulnerable. Changing your password won’t fix it either.
Certain devices are also much more vulnerable than others. Unfortunately for Internet of Things app developers and Android app developers, their devices top the list due to how they commonly transmit data either without protection or through the WPA1 protocol. Of course, as it was with the WannaCry ransomware outbreak, devices running outdated platforms like Windows XP are also at higher risk.
Fortunately, there are limitations on how a hacker can exploit this flaw; they have to be in range of the WiFi network that you’re on. There are also ways that you can better protect yourself from becoming a victim of this hack.
Protective Measures You Can Take
The best way to secure your device is through a manufacturer-issued security update patch. Microsoft has already issued a patch. Apple says it has as well, but it’s currently only available to developers. Google is working on issuing one for Android in the next few weeks. Regardless of when you read this, it’s worth checking to see if any new patches have been released for your device.
Besides this, maintaining good network hygiene is the next best thing you can do. Avoid public WiFi networks for now. Don’t give confidential information over unencrypted connections or install anything from unfamiliar sources. Always try to use HTTPS connections over HTTP. They are much more secure.
Last but not least, utilizing a Virtual Private Network (VPN) service or encrypted apps on your phone will give you an extra layer of encryption. Right now, it’s impossible to be too cautious, so take five minutes now and make sure you’re protected.Tags: Android, android app developer, app hacking, besafe, cybersecurity, cybersecurity threat, election hacking, Equifax, Equifax hack, ethical hacking, FBI hacking, FBI vs Apple, free wifi, hack, internet of things app developers, iot, IoT app developer, iot app developers, KRACK, San Francisco iPhone app developer, wifi