Yes, even your WiFi at home..Read on.
Globally a new security vulnerability has been discovered by a security expert called Mathy Vanhoef at the University of Leuven in Belgium. His findings showed that the widely used encryption system for wireless networks could still give attackers an opening to steal sensitive information such as emails, chats and even credit card numbers.
Currently there are many statements that have come out on multiple new channels and online media.
What is the attack called?
Key Reinstallation Attack, aka KRACK.
How does it work?
This vulnerability, aka exploit to IT guys, allow hackers to eavesdrop on Internet traffic between computers/devices and wireless access points. The attacker sits in between the wireless access point and your device while trying to inject/manipulate data into your devices’ wireless as your browse or as background applications run.
My initial review tells me that the person has to be within range of your wireless access point for this type of an attack to take place.
Here are the keywords used in official quote – “Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
Windows based devices, Cisco devices, Intel based devices and Samsung devices. Samsung being the most affected. They are “exceptionally devastating” for devices that run Android 6.0. Apple, and Linux based users are affected with a variant of the actual attack.
What to do?
If you are already using Windows 7 and above Operating systems, Microsoft has already released updates for it. On a Windows 7, 8 devices, check that your windows updates are set to automatic. Then force the search for the updates and let them install. On a Windows 10 device, it is already set at automatic and you don’t get a choice.
For all other devices install the latest updates as and when they become available.
Almost all home routers etc…use an Intel based chipset as its processor. I’d be looking for firmware updates on these from manufacturer on their website. You can also do this by logging into your router and checking for updates.
For the moment, do not connect to any public WiFi networks or networks that do not know about this attack yet. I’d be more inclined to use my 3G or 4G instead.