wifi vulnerability vpn krack

New WiFi connection vulnerability discovered. Here’s what you need to know about “KRACK”

Security researchers have discovered a vulnerability in the WPA2 protocol which allows for virtually any WiFi network to be hacked, potentially leaking sensitive data.

When you connect to a password protected WiFi network, you probably think that your connection, and all the data you transfer over WiFi, is safe. Unfortunately, researchers at the KU University of Leuven (Belgium) have discovered a vulnerability which makes it possible to compromise virtually any modern wireless network. The attack is a Key Reinstallation Attack (KRACK for short) targeting the WPA2 protocol which is used in almost all WiFi networks.

Who is impacted?

KRACK is a particularly devastating vulnerability because it targets a weakness in the WiFi standard itself. This means the problem is not isolated to specific vendors or products, but literally every single modern, WiFi capable device. In other words, every single WiFi network and WiFi capable device is potentially impacted. Basically, if you have a WiFi capable device and you use WiFi, you are vulnerable.

What can an attacker steal?

A compromised WiFi network can allow an attacker to steal a wide variety of sensitive information. Compromising the connection between a router and your device can jeopardize private information such as credentials, credit card numbers, chat messages, documents, emails, photos, and anything else that is transferred over the network. Moreover, attackers can also manipulate information transmitted to a potential victim by injecting malicious code or ransomware into websites.

How does KRACK work?

KRACK is a vulnerability in WPA2, the protocol ensuring an encrypted connection established between a WiFi access point and a connected device. In order to connect to a private WiFi network, a device and a router communicate through what is called a four-step cryptographic handshake. By exchanging pre-set credentials (e.g. WiFi password) and mutually agreeing to a one-time use encryption key, WiFi devices can connect to a WiFi router securely.

However, by manipulating the cryptographic messages exchanged during the handshake, it is possible to force WPA2 to re-use the one-time use encryption key over and over again. This introduces a weakness which allows the encryption to be broken, allowing the attacker to intercept and decrypt the transmitted information. In order to perform this attack, the attacker must be within range of the target WiFi network. The full technical description of the attack can be found here(new window).

How to protect your WiFi connection

Because this is a newly discovered vulnerability, there are still no updates you can install to protect your devices against the KRACK attack. However, there are still several ways that you can protect yourself.

First, you can use a VPN service. A VPN (Virtual Private Network) establishes an encrypted tunnel between your computer or mobile phone and the VPN server(new window). This encrypted tunnel makes it impossible for an attacker to view your internet traffic, even if you are connected to a vulnerable WiFi network. In fact, a VPN can even protect you internet traffic if you are connected to a public/unprotected network. By using a VPN, you render yourself immune to KRACK.

Proton VPN provides a completely free VPN(new window) service which can be used to protect your internet traffic, even if you are connected to a hacked WiFi network.

In addition to using a VPN, there are few other safety tips to stay safe on WiFi:

  • Always visit sites with SSL encryption. Make sure all the sites you visit are HTTPS instead of just HTTP. HTTPS sites have an additional layer of encryption which can protect your traffic even if the WiFi network is compromised. For example, visit https://protonvpn.com and not https://protonvpn.com
  • Install the latest software updates. Currently, there are no patches available for KRACK, so you should consider using a secure VPN service(new window). However, most software providers like Microsoft Windows, iOS, Android, etc, will eventually release patches. Keeping your operating system patched and up to date will help to protect against KRACK in the future.

Until software updates are released to patch this vulnerability, the only way of staying safe against a key installation attack on your devices is to secure them with a strong VPN connection. Given the fact that VPN services such as Proton VPN are completely free, we recommend just using a VPN, especially since it brings other benefits such as protecting your privacy.

You can get your free Proton VPN account by signing up here.
Afterward, you can download free VPN here.

Related articles

Apps like discord
  • Privacy deep dives
Here's why you might want to consider a Discord alternative — and the pros and cons of seven other apps like Discord that you may want to switch to instead.
Computer screen showing the World Series 2024 logo
Find out where to watch the World Series, when it starts, and how to securely stream it online with Proton VPN.
Computer screen with a shield that has a lock on it, demonstrating secure network access via a dedicated IP address
Learn what network access control is and how a business VPN can help keep your business data safe against hackers.
Telegram security
  • Privacy deep dives
Is Telegram safe to use? As we’ll discuss in this article, that very much depends on how you use it.
A vote going into a US ballot box for the 2024 US presidential election
Find out how to watch the 2024 US election results live from abroad and which broadcasters are streaming news coverage online.
Anyone can use Proton VPN’s Chrome and Firefox browser extensions for free, making it easy to protect your privacy and bypass censorship.