KRACK- Key Reinstallation Attack is bad news for all things Wi-Fi. This includes a lot, if not all, of the wearable devices that require WIFI networks that we have mentioned. Not to mention the thousands of Internet of Things (IoT) devices (such as Google home device) in the consumer market and already in many homes.
KRACK allows hackers to intercept the WPA2 encryption one-time key. Attackers can use brute force attacks to gain access and copy the encryption key. Once an attacker has the key, they are part of the network and that spells trouble for everyone on the network. This could be a serious predicament for protection of sensitive information related to identity theft, financial loss and particularly for us, sensitive healthcare data.
The good news, like always with these types of attacks, a security patch update should fix the problem. However, it is the time required until it becomes available that causes the issues. Until then, every device that uses protected wifi networks is open to the KRACK.
Microsoft has already got their patch out to the public. Google and Apple, amongst many others, are working on theirs.
Here is a quick demo of what KRACK is all about:
Read more about KRACK here:
Discovered by Mathy Vanhoef of imec-DistriNet, KU Leuven Our research paper behind the attack is titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 and will be presented at the Computer and Communications Security (CCS) conference on Wednesday 1 November 2017.
On a related note, there are many secure Virtual Private Network solutions for devices. For instance, Android devices have the option to use Andriod’s Wi-Fi assistant. This Android tool, which originated from Project Fi, automatically connects your device to open “trusted” Wi-Fi networks and secures them with Google’s Virtual Private Network (VPN).
Better safe than sorry.
Read more here:
https://support.google.com/nexus/answer/6327199?hl=en