Wi-Fi Vulnerability May Put Your Device At Risk
A newly discovered Wi-Fi vulnerability, called a Key Reinstallation Attack (KRACK), may be putting your wireless devices and data at risk.
The flaw was discovered in the WPA2 protocol, which many rely on to secure their Wi-Fi routers. The vulnerability allows attackers to capture messages traveling between a Wi-Fi router and your phone, tablet, or other wireless devices.
While manufacturers work on deploying patches for this issue, following good security practices is the best safeguard for protecting your devices against this attack.
Good practices using Wi-Fi devices:
- Avoid unsecured Wi-Fi networks when possible. These are any open networks that do not require a password to join.
- If possible, use a VPN (Virtual Private Network) when connecting to an unsecured wireless network. VPN services are offered as an online service or can be configured on some home routers.
- Check websites for encryption when browsing. This is often indicated by a closed padlock icon in the address bar of the browser or by a URL that begins with https:// instead of http://. These websites are more secure and are not affected by this vulnerability.
- Keep your device up to date with the latest manufacturer software patches.
- Manually select Wi-Fi networks instead of allowing your device to automatically join. This adds an additional step before using a wireless network but ensures you know when your device connects and to what networks.
- Turn off your device’s Wi-Fi antenna when not in use.
- Utilize two-factor authentication where possible. This provides an extra level of security in case someone is able to capture your password.
- Log out of websites or apps when finished. This is especially important for banking and other financial websites.
Good practices for setting up a Wi-Fi router:
- Secure the router with a password using WPA2. While the recent vulnerability impacts WPA2, this is still the strongest protocol available on most home routers.
- Limit access to the router to the specific hardware ID (or MAC) of each of the wireless devices in your home. This typically involves logging into the router’s management page and adding the MAC addresses (usually found on a sticker on the device or in the device settings) to a list of approved devices. Devices not on the list will be prevented from even attempting to connect.
- Change the default password for administering the router. Factory default passwords are widely available and allow an attacker to easily compromise your device.
- When possible, limit administration of the router to physical network connections. This means you will need a device with an Ethernet connection to the router in order to manage the settings.
- Turn off remote management of the router if possible. Many newer models allow management of the router from outside of the home network, which provides an additional opportunity for attackers.
- Set the router to automatically install updates. If this is not possible, log into the management page of the router on a regular basis to check for updates.
- If the router supports a guest network, configure this for use by friends and family who visit your home. The guest network is typically isolated from the other devices in your home and saves the hassle of adding MAC addresses for devices that are not usually in your home.
- If possible, try adjusting the signal strength of the router until full coverage is reached throughout your home with minimal overreach (signal outside your home). This helps prevent attackers from sitting in a public area such as in a parked car while attempting to compromise your device.