Return to protonvpn.com Facebook   Twitter   Reddit   ProtonMail

New WiFi connection vulnerability discovered. Here’s what you need to know about “KRACK”

Posted on October 16th, 2017 by in Security.

wifi vulnerability vpn krack

 

Security researchers have discovered a vulnerability in the WPA2 protocol which allows for virtually any WiFi network to be hacked, potentially leaking sensitive data.

When you connect to a password protected WiFi network, you probably think that your connection, and all the data you transfer over WiFi, is safe. Unfortunately, researchers at the KU University of Leuven (Belgium) have discovered a vulnerability which makes it possible to compromise virtually any modern wireless network. The attack is a Key Reinstallation Attack (KRACK for short) targeting the WPA2 protocol which is used in almost all WiFi networks.

Who is impacted?

KRACK is a particularly devastating vulnerability because it targets a weakness in the WiFi standard itself. This means the problem is not isolated to specific vendors or products, but literally every single modern, WiFi capable device. In other words, every single WiFi network and WiFi capable device is potentially impacted. Basically, if you have a WiFi capable device and you use WiFi, you are vulnerable.

What can an attacker steal?

A compromised WiFi network can allow an attacker to steal a wide variety of sensitive information. Compromising the connection between a router and your device can jeopardize private information such as credentials, credit card numbers, chat messages, documents, emails, photos, and anything else that is transferred over the network. Moreover, attackers can also manipulate information transmitted to a potential victim by injecting malicious code or ransomware into websites.

How does KRACK work?

KRACK is a vulnerability in WPA2, the protocol ensuring an encrypted connection established between a WiFi access point and a connected device. In order to connect to a private WiFi network, a device and a router communicate through what is called a four-step cryptographic handshake. By exchanging pre-set credentials (e.g. WiFi password) and mutually agreeing to a one-time use encryption key, WiFi devices can connect to a WiFi router securely.

However, by manipulating the cryptographic messages exchanged during the handshake, it is possible to force WPA2 to re-use the one-time use encryption key over and over again. This introduces a weakness which allows the encryption to be broken, allowing the attacker to intercept and decrypt the transmitted information. In order to perform this attack, the attacker must be within range of the target WiFi network. The full technical description of the attack can be found here.

How to protect your WiFi connection

Because this is a newly discovered vulnerability, there are still no updates you can install to protect your devices against the KRACK attack. However, there are still several ways that you can protect yourself.

First, you can use a VPN service. A VPN (Virtual Private Network) establishes an encrypted tunnel between your computer or mobile phone and the VPN server. This encrypted tunnel makes it impossible for an attacker to view your internet traffic, even if you are connected to a vulnerable WiFi network. In fact, a VPN can even protect you internet traffic if you are connected to a public/unprotected network. By using a VPN, you render yourself immune to KRACK.

ProtonVPN provides a completely free VPN service which can be used to protect your internet traffic, even if you are connected to a hacked WiFi network.

In addition to using a VPN, there are few other safety tips to stay safe on WiFi:

  • Always visit sites with SSL encryption. Make sure all the sites you visit are HTTPS instead of just HTTP. HTTPS sites have an additional layer of encryption which can protect your traffic even if the WiFi network is compromised. For example, visit https://protonvpn.com and not http://protonvpn.com
  • Install the latest software updates. Currently, there are no patches available for KRACK, so you should consider using a secure VPN service. However, most software providers like Microsoft Windows, iOS, Android, etc, will eventually release patches. Keeping your operating system patched and up to date will help to protect against KRACK in the future.

Until software updates are released to patch this vulnerability, the only way of staying safe against a key installation attack on your devices is to secure them with a strong VPN connection. Given the fact that VPN services such as ProtonVPN are completely free, we recommend just using a VPN, especially since it brings other benefits such as protecting your privacy.

You can get your free ProtonVPN account by signing up here.
Afterwards, you can download free VPN here.

We are the scientists, engineers, and developers who build ProtonMail, the world's largest encrypted email service. We're now building ProtonVPN also to ensure that everybody can have access to free and secure internet.

Post Comment

11 comments

  1. Gerald Gunia

    How do i go about using proton as my primary email client on a laptop that has none??? i would like step by step procedures as i am somewhat new to that process Regards

  2. Irina M

    You can use Proton Bridge to add ProtonMail to any email client. If your laptop has none, you can download Thunderbird from Mozilla and add your ProtonMail account there. Learn more about Bridge here: https://protonmail.com/bridge/

    You can get Mozilla Thunderbird here: https://www.mozilla.org/en-US/thunderbird/

  3. Please address comment below

    Aphids Ecology’s comment below worries me. Is ProtonVPN only 24bit?

  4. Tom

    Has Apple released iOS or MacOS update to patch this KRACK vulnerability? I already have a Proton Plus account, but would be interested to know if such a critical gap is still being neglected. Thank you.

  5. Irina M

    Yes, Apple patched the vulnerability.

  6. Ronald Albert

    Will this proton vpn effect my internet speed? can I use any browser for the internet?

  7. ard

    the statement of no patches available, should be rectified already
    Ubuntu (Linux distribution) released 16 Oct. a patch to protect against this vulnarability
    with friendly regards
    ard

  8. Dude

    As obvious as it is, it could be worth mentioning that there’s another way of staying safe against KRACK. And that is Ethernet.

  9. Simon

    Where is the ethernet jack on my iPhone?

  10. Patrick Schroeder

    How do you use Ethernet with a phone?

  11. Bob

    Would like to hear why I should switch from my current (IPVanish) to your product.
    Thank you

Leave a Reply

Your email address will not be published. Required fields are marked *

Knowledge base

 

Secure Your Internet Today

Get ProtonVPN