Android Users and Telecommuters at Special Risk of KRACKs

Leave a Comment 2308 views

undefinedIn mid-October, research poured into the news claiming that advanced Wi-Fi protocols were under attack. At the time, you were probably on your phone doing something like reading emails, scrolling through social media, or checking your credit card balance. You were typing in passwords and going through the annoying routine of answering security questions.

Unless you are one of these invested researchers, it can be difficult to understand what exactly is going wrong in the world of Wi-Fi. We’ll get a handle on the basics, then focus on the attacker: Key Reinstallation AttaCKs (KRACKs).

Knowing the difference: WEP, WPA, and WPA2

Wired Equivalent Privacy, also known as WEP, is the most outdated when it comes to protecting your Wi-Fi connection. It is also the most commonly used because it is the “standard” for home networks, and people typically don’t do their research before setting up the internet. They just want to get back online – even when doing so gives hackers easy access to personal information.

In 2003, Wi-Fi Protected Access (WPA) was adopted in response to an FBI demonstration that proved WEP was unsafe on several levels. Individuals and businesses started to take encryption - network password protection - a little more seriously when government officials got involved. The Wi-Fi Alliance took it a step further by developing WPA2, which was a new tier of protection against malicious people in the digital community.     

Ten years ago, it made a big difference whether you had WEP or a version of WPA attached to your wireless network. The threats that surfaced in October prove that over time, even the “next best thing” is compromised over time. Technology is constantly evolving, and as the good guys work diligently to protect the wireless community, the bad guys find new ways to get in through the back door.

What does this all mean?

Anytime you are storing information over a Wi-Fi connection (whether you realize it or not), you are putting yourself at risk. Norton stated that highly sensitive information is at stake, like your driver’s license number or Social Security number. Whether you’re on your smartphone or working remotely from your laptop, you could even be leaking company information to an attacker.

Changing your password won’t do you any good. You can control the strength of your password by adding in special characters and numbers, but that will only slow down the breach if someone has their eye on your information.

Who is the most vulnerable?

Two categories of people are considered to be at a higher risk. People who work from home often do not connect to their company’s network. These companies are more inclined to install third-party protection measures to make sure risk is mitigated as much as possible. They are also in control of most internal updates and making sure that users stay in compliance with work policies.

If you’re working out of your public library or the local Starbucks, you lose that added layer of protection. The appeal of “free Wi-Fi” might sound good at the time, but it will hit hard later when you realize someone has accessed your stored information – how many times have you clicked the box “Remember Me” or “Save Password” when you’re prompted?

undefinedThe second group is Android users, whose devices are getting special attention from KRACKs. The lead researcher estimated that 41% of Android devices were affected when the news went public on October 16th.

So, what should you do? The most frequent recommendation out there is to get a virtual private network (VPN). According to Forbes, a VPN “creates a tunnel that encrypts your personal information and browsing activity, anyone using a reputable VPN is safe from a Krack Attack.”

Stay away from VPN services that:

  • Store your internet browsing information
  • Claim to be free (so is Wi-Fi – this is red flag)
  • Do not have a longstanding reputation

All VPN providers will claim to be trustworthy since this is a unique opportunity for tech companies to enter the market and specialize in a specific vulnerability. Do your research, and don’t tread lightly!

Did you like this article? Is there something you’d like us to write about? Let us know in the comments! Please also be sure to like and share with your friends. Check out more helpful articles like this from Digital Bloggers. 

How to make your first 10K online!

Leave a Comment