A new security threat has been published this week that is catching people's attention. The threat is called Key Reinstallation Attack or KRACK. It is a vulnerability that attackers can use to eavesdrop on your WiFi connection and possibly even insert malicious software onto your computer, phone or tablet.
The vulnerability is bad - it is reported to affect ALL WiFi devices to some extent - but it has limitations:
- The hacker needs to be physically nearby. This is not an attack that can come from just anywhere (watch for black vans on your cul-de-sac).
- The attack requires a bit of setup and a specific target. The bad guy can only attack one device/network at a time. They are going to have to be picky about the target they choose to try and get the best bang for the buck. Your home network doesn't present a very appealing target.
That said, you should be cautious and skeptical while out and about. Don't connect to random WiFi networks (good general advice, not just for this attack), and consider turning your WiFi off altogether when you're away from home. Watch for system updates on your laptops, phones and tablets and apply them.
A more technical description of the attack can be found on Ars Technica.
A fix for this will be coming out soon.