wifi vulnerability vpn krack

New WiFi connection vulnerability discovered. Here’s what you need to know about “KRACK”

Security researchers have discovered a vulnerability in the WPA2 protocol which allows for virtually any WiFi network to be hacked, potentially leaking sensitive data.

When you connect to a password protected WiFi network, you probably think that your connection, and all the data you transfer over WiFi, is safe. Unfortunately, researchers at the KU University of Leuven (Belgium) have discovered a vulnerability which makes it possible to compromise virtually any modern wireless network. The attack is a Key Reinstallation Attack (KRACK for short) targeting the WPA2 protocol which is used in almost all WiFi networks.

Who is impacted?

KRACK is a particularly devastating vulnerability because it targets a weakness in the WiFi standard itself. This means the problem is not isolated to specific vendors or products, but literally every single modern, WiFi capable device. In other words, every single WiFi network and WiFi capable device is potentially impacted. Basically, if you have a WiFi capable device and you use WiFi, you are vulnerable.

What can an attacker steal?

A compromised WiFi network can allow an attacker to steal a wide variety of sensitive information. Compromising the connection between a router and your device can jeopardize private information such as credentials, credit card numbers, chat messages, documents, emails, photos, and anything else that is transferred over the network. Moreover, attackers can also manipulate information transmitted to a potential victim by injecting malicious code or ransomware into websites.

How does KRACK work?

KRACK is a vulnerability in WPA2, the protocol ensuring an encrypted connection established between a WiFi access point and a connected device. In order to connect to a private WiFi network, a device and a router communicate through what is called a four-step cryptographic handshake. By exchanging pre-set credentials (e.g. WiFi password) and mutually agreeing to a one-time use encryption key, WiFi devices can connect to a WiFi router securely.

However, by manipulating the cryptographic messages exchanged during the handshake, it is possible to force WPA2 to re-use the one-time use encryption key over and over again. This introduces a weakness which allows the encryption to be broken, allowing the attacker to intercept and decrypt the transmitted information. In order to perform this attack, the attacker must be within range of the target WiFi network. The full technical description of the attack can be found here(new window).

How to protect your WiFi connection

Because this is a newly discovered vulnerability, there are still no updates you can install to protect your devices against the KRACK attack. However, there are still several ways that you can protect yourself.

First, you can use a VPN service. A VPN (Virtual Private Network) establishes an encrypted tunnel between your computer or mobile phone and the VPN server(new window). This encrypted tunnel makes it impossible for an attacker to view your internet traffic, even if you are connected to a vulnerable WiFi network. In fact, a VPN can even protect you internet traffic if you are connected to a public/unprotected network. By using a VPN, you render yourself immune to KRACK.

Proton VPN provides a completely free VPN(new window) service which can be used to protect your internet traffic, even if you are connected to a hacked WiFi network.

In addition to using a VPN, there are few other safety tips to stay safe on WiFi:

  • Always visit sites with SSL encryption. Make sure all the sites you visit are HTTPS instead of just HTTP. HTTPS sites have an additional layer of encryption which can protect your traffic even if the WiFi network is compromised. For example, visit https://protonvpn.com and not https://protonvpn.com
  • Install the latest software updates. Currently, there are no patches available for KRACK, so you should consider using a secure VPN service(new window). However, most software providers like Microsoft Windows, iOS, Android, etc, will eventually release patches. Keeping your operating system patched and up to date will help to protect against KRACK in the future.

Until software updates are released to patch this vulnerability, the only way of staying safe against a key installation attack on your devices is to secure them with a strong VPN connection. Given the fact that VPN services such as Proton VPN are completely free, we recommend just using a VPN, especially since it brings other benefits such as protecting your privacy.

You can get your free Proton VPN account by signing up here.
Afterward, you can download free VPN here.

Protect your privacy and security online
Get Proton VPN free

Related articles

Paris Olympics
The 2024 Summer Olympics in Paris begins this July. While you’ve likely already missed your chance to get a ticket and witness the best athletes from around the world in person, there are plenty of ways to enjoy the games from the comfort of your hom
Where to watch euros
Every four years, the entire continent of Europe turns its eyes to see who will be crowned as the continent’s champion of football (or soccer for the Americans).  This is the 17th edition of the UEFA European Football Championship, in which 24 natio
How to enable location services
Location services refer to a combination of technologies used in devices like smartphones and computers that use data from your device’s GPS, WiFi, mobile (cellular networks), and sometimes even Bluetooth connections to determine and track your geogr
What is AirTag stalking?
In an era of “smart devices” that often double as spy devices, AirTags are tracking tools that are open about their function and can be vital in helping locate lost items (as anyone who has lost their car keys can attest to). However, as a recent cla
How to fix a "Your connection is not safe" error
As you surf the web using your browser, you’ll no doubt encounter websites that your browser will refuse to load, instead showing some variation of an error message, such as Your connection is not private or Warning: Potential Security Risk Ahead. 
Your search history is a window into your inner life. Anyone with access to it knows what your hobbies and interests are, your sexual orientation and preferences, the things that worry you (for example your medical concerns), your political affiliati