Router Wi-Fi Scare

krack-hack-image-from-thehackernewsdotcomRouter Wi-Fi Scare: a reader asks…

I just read about Wi-fi being compromised. Something called Krack. Now what do I do? I have a home router from Verizon FIOS, a Dell laptop and an iPhone.

First, be aware that this scare is way overblown by the news services. Security researchers found a way to get past the security encryption protocol WPA2 – in the lab. My guess is by the time hackers are able to weaponize this flaw, device manufacturers will have already issued updates (either in firmware or operating system updates) that will patch the hole and keep you protected. That’s not to say don’t worry about it at all, but keep all your equipment up-to-date and apply software updates as soon as they are released – this is still (and always) important.

The flaw affects every device you mentioned – all devices that use Wi-fi are affected since the encryption methodology is what’s at risk. My guess is that Verizon is going to take their sweet time about issuing an update (if they do anything). Your laptop manufacturer should have an update soon (or now), but you’ll have to go searching for it. Try https://support.dell.com. Apple reports that the update for iOS is already in beta testing and will be rolled out to consumers within a few days.

Advertisement

The security vulnerability has a significant drawback for a hacker – physical distance. A hacker would have to camp outside your home in order to snoop on your FIOS router and  home network. Or be close to your laptop or iPhone while they are using Wi-fi someplace else. I have to tell you that the chances of that happening are pretty low. That said, if you’re still worried, here’s some things you can do to limit your exposure:

  1. Turn off Wi-fi when you’re not actively using it. You may not need to bother with your FIOS router, but certainly you can quickly put your computer/iPhone in Airplane Mode, and/or just turn off Wi-fi.
  2. Avoid using public Wi-fi networks. If you are going to use a public network, you should only be using secure protocols (the s in https://whatever.com), not unsecure (http://whatever.com).

If you are interested in following this as it develops, check out https://www.krackattacks.com/ which is the website of the security researcher (Mathy Vanhoef) reporting on this vulnerability – KRACK stands for Key Reinstallation Attack. He’s even got a logo designed for the vulnerability (picture at right). I think you’ll be reading a lot about this vulnerability in major publications, but I have to say that the hack is pretty sophisticated and descriptions will probably fly over everyone’s head. Suffice it to say that you should be looking to your device manufacturers for updates to patch the flaw sometime soon.

This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via:

Click or tap to open a new browser tab or your Venmo app and send money via Venmo to @positek
(@PosiTek)

Click or tap to open a new browser tab or your Paypal app to send money via your Paypal account to support@positek.net
(Support@PosiTek.net)

Click or tap to open a new browser tab or your Paypal app to send money using your credit card to support@positek.net (no Paypal account required)
(using any credit card)

or by mailing a check/cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thanks!

Leave a Comment

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

This site uses Akismet to reduce spam. Learn how your comment data is processed.