Chapter in this post:
KRACK is the name of a current WLAN security gap that results from a vulnerability in the WPA2 protocol. The abbreviation stands for Wi-Fi Protected Access 2 and thus actually for a security standard in Wifi networks of the standards IEEE 802.11a, b, g, n and ac. However, an update of this security protocol now seems to be necessary - because a KRACK attack, according to many sources, can be done by every single WLAN Device. In this post I would like to explain the topic a little more.
The risk is independent of the WLAN router used or the device that is dialed into the corresponding wireless network. The security gap is in the WPA2 security standard, which is used around the world and pretty much everywhere. This is actually used for encryption, but can be attacked and used as access to the individual devices. The dangers here are espionage, the placement of malware by attackers and the like.
As mentioned, attackers could use malware (viruses, Trojans, Ransomware, etc.) on the device used. Passwords, emails, chat messages, photos and other files, and credit card numbers can also be stolen. However, and this is the positive side, end-to-end encrypted data paths are safe. This means that, for example, the Google password or the bank details cannot be read out per se in online banking. If you use a network printer via WLAN, unwanted printouts could appear - depending on how creative the hackers are.
Laut Spiegel Online Linus Neumann, spokesman for the Chaos Computer Club (CCC) said the following about KRACK and online banking:
"I am not aware of any online banking provider where this attack method would be successful."- However, the addition:"If, for example, a certificate warning pops up, you should definitely not simply click it away - especially not when doing online banking."
The solution consists of updates from device manufacturers. Not (only) the manufacturers of routers are responsible, but also and above all the manufacturers of end products such as computers, laptops, smartphones, tablets, printers and other WLAN devices. A hardware update is not necessary, but a software update, which can basically be offered and distributed very quickly. So, no matter which devices you use, keep your smartphone, tablet and notebook up to date and activate the automatic updates of the system for the near future.
At this point one could point out sources that describe how exactly the security hole works, how one can hack oneself and how one can use KRACK for attacks. However, I don't want to open the door to opportunistic hackers. So here are a few tips that you can follow without understanding the WPA2 security vulnerability KRACK down to the smallest detail:
Since Monday, October 16, 2017, Apple has released beta versions for iPhone, iPad and iPod with iOS, for Mac, iMac and MacBook with macOS as well as for watchOS on the Apple Watch and for tvOS beta versions, which contain a fix / patch for the Have problem. The online magazine iMore Apple has confirmed its knowledge of the KRACK vulnerability and the corresponding counter-work:
"Apple is deeply committed to protecting our customers' data. The fix for the KRACK WLAN vulnerability is currently in the beta of iOS, macOS, watchOS and tvOS and will be delivered to customers soon."
If you do not want to install the developer betas for developers or the public beta versions, but only want to stick to official updates, then you should also note the tips mentioned above. Soon, however, the betas should result in proper updates, which will then fully protect you again. Apple is on to it.
If you use your WiFi in your house in the country, then you don't need to worry. As it results from WLAN technology and as can be read in many media, attackers who want to hack your WLAN devices via KRACK vulnerabilities need a certain spatial proximity. In a public café, in an apartment building, in the neighborhood, in an office complex or at the train station hotspot, you are more likely to be at risk.
After graduating from high school, Johannes completed an apprenticeship as a business assistant specializing in foreign languages. But then he decided to research and write, which resulted in his independence. For several years he has been working for Sir Apfelot, among others. His articles include product introductions, news, manuals, video games, consoles, and more. He follows Apple keynotes live via stream.