Router Wi-Fi Scare

krack-hack-image-from-thehackernewsdotcom

Router Wi-Fi Scare: a reader asks…

I just read about Wi-fi being compromised. Something called Krack. Now what do I do? I have a home router from Verizon FIOS, a Dell laptop and an iPhone.

First, be aware that this scare is way overblown by the news services. Security researchers found a way to get past the security encryption protocol WPA2 – in the lab. My guess is by the time hackers are able to weaponize this flaw, device manufacturers will have already issued updates (either in firmware or operating system updates) that will patch the hole and keep you protected. That’s not to say don’t worry about it at all, but keep all your equipment up-to-date and apply software updates as soon as they are released – this is still (and always) important.

The flaw affects every device you mentioned – all devices that use Wi-fi are affected since the encryption methodology is what’s at risk. My guess is that Verizon is going to take their sweet time about issuing an update (if they do anything). Your laptop manufacturer should have an update soon (or now), but you’ll have to go searching for it. Try https://support.dell.com. Apple reports that the update for iOS is already in beta testing and will be rolled out to consumers within a few days.

Advertisement

The security vulnerability has a significant drawback for a hacker – physical distance. A hacker would have to camp outside your home in order to snoop on your FIOS router and  home network. Or be close to your laptop or iPhone while they are using Wi-fi someplace else. I have to tell you that the chances of that happening are pretty low. That said, if you’re still worried, here’s some things you can do to limit your exposure:
  1. Turn off Wi-fi when you’re not actively using it. You may not need to bother with your FIOS router, but certainly you can quickly put your computer/iPhone in Airplane Mode, and/or just turn off Wi-fi.
  2. Avoid using public Wi-fi networks. If you are going to use a public network, you should only be using secure protocols (the s in https://whatever.com), not unsecure (http://whatever.com).
Advertisement

If you are interested in following this as it develops, check out https://www.krackattacks.com/ which is the website of the security researcher (Mathy Vanhoef) reporting on this vulnerability – KRACK stands for Key Reinstallation Attack. He’s even got a logo designed for the vulnerability (picture at right). I think you’ll be reading a lot about this vulnerability in major publications, but I have to say that the hack is pretty sophisticated and descriptions will probably fly over everyone’s head. Suffice it to say that you should be looking to your device manufacturers for updates to patch the flaw sometime soon.
There are currently 680 reader comments on my articles, care to join in? Use the Leave a Comment form below/at the bottom of any existing comments. This is a good place to ask follow-on questions on this subject.

Leave a Comment

Your email address will not be published. Required fields are marked *

Copyright ©2017 Practical Help for Your Digital Life®. All Rights Reserved. Your use of this website implies that you agree to PosiTek.net® Terms of Service and Privacy Notice policies