• #1 NetSpot
  • WiFi security
  • 4.8
  • 969 User reviews

The KRACK WiFi vulnerability, how to protect yourself

A recent reveal of a serious security flaw in WPA2 protocol shows how vulnerable the latter is allowing attackers within range of a device or access point to intercept passwords, email messages, and other data that is supposed to be encrypted. Sometimes the attackers can even infuse ransomware or other malware into a website a user is visiting.
  • NetSpot
  • WiFi security
  • 4.8
  • 969 User reviews
KRACK (or Key Reinstallation Attacks) is an exploit that affects the core WPA2 protocol itself and can be used against Android, Linux, and OpenBSD devices; a little bit less effective against macOS and Windows, as well as MediaTek Linksys, as well as some other devices.

What is KRACK and how it works

The site with research results noted that attackers can use the exploit to decrypt multiple types of sensitive data that is usually considered safe as it is encrypted with Wi-Fi encryption protocol.

What KRACK does is it tricks the vulnerable client into reinstalling a key that is already in use

KRACK exploits a four-way handshake that's normally executed when a user connects to a WPA2-protected Wi-Fi network. Handshake is executed to confirm that both a user and an access point bear the correct credentials. What KRACK does is it tricks the vulnerable client into reinstalling a key that is already in use, forcing the reset of packet numbers with valuable parameters. This way the cryptographic nonce is reused to allow the encryption to be bypassed.

There is more insight on KRACK in the article by Sean Gallagher, and Dan Goodin, Ars Technica.

The biggest threat KRACK poses is to large corporate and governmental Wi-Fi networks, especially if they accept connections from Linux and Android devices. The hackers should be within the attacked Wi-Fi range in order to carry out the attack, they probably wouldn't bother much with home Wi-Fi networks, plus there are easier ways to attack small home Wi-Fi, again, especially if they connect with Linux or Android devices.

Check your encryption with NetSpot

Powerful advanced tool for multiple Wi-Fi networks Surveys, Analysis and Troubleshooting.

How to protect yourself from the KRACK attack

1. Avoid public WiFi

Public Wi-Fi is an easier target for hackers, and public networks are not that well-protected to start with. To stay on the safe side, both public and office networks need to update their systems, and still a good idea would be to stay away from public networks until the issue is resolved.

2. Use wired connections

If you feel like the access points you are using may be vulnerable, try to use wired connection for some time.

3. Use reliable WEB protocols

If you don't have a possibility to use a wired connection, make sure you are using HTTPS, STARTTLS, Secure Shell, or another reliable protocol.

4. Use VPN for extra encryption

Consider adding an extra layer of security with a VPN service. Make sure to choose a reputable VPN provider that you can trust though.

5. Consider cellular

If you have a good cellular data package with enough speed, try using it when possible, especially instead of some public connections. While there can still be issues with this solution, especially on Android 6.0 and later, it is a better way to connect and stay protected from hackers.

6. Patch your devices

Most of tech hardware and software vendors reacted to this breach fast and are providing patches for devices. Don't put off patching your phones, laptops, Wi-Fi base stations, and other gear. Patch asap if you have an iPhone, Mac, or Windows computer.

If you have an Android device — an update is soon to come. Some of the Wi-Fi access points also have patches available, so be sure to check for one. Many routers don't update automatically, so go ahead and see if yours can be updated right now.

Check your encryption with NetSpot

Powerful advanced tool for multiple Wi-Fi networks Surveys, Analysis and Troubleshooting.


What is KRACK?

KRACK ("Key Reinstallation Attacks") is a replay type of network attack that targets WPA2 protocol's flaws. This attack is equally dangerous for all major software platforms, including Microsoft Windows, macOS, iOS, Android, Linux, OpenBSD. The network security protocol that is considered safe can be bypassed, allowing a cybercriminal to intercept the data sent and received over the network.

How does KRACK work?

The attack exploits the four-way handshake mechanism used for connecting to a WPA2-protected Wi-Fi network. The four-way handshake also negotiates a new encryption key for keeping all subsequent traffic secure.

By manipulating the handshake messages (the message 3 specifically) the attack tricks its victim into reinstalling an already-in-use key. By forcing nonce reuse in a specific manner, the encryption protocol can be attacked with subsequent forgery, replay, and decryption of packets.

How to protect yourself from a KRACK attack?

There are some things you can do to avoid a KRACK attack:

  1. Use public WiFi only when you really need it.
  2. If possible, use wired connection rather than wireless.
  3. Make sure you are connecting through secure protocols, e.g. HTTPS, STARTTLS, Secure Shell, etc.
  4. Connect through VPN for an added layer of security.
  5. Use your own cellular connection instead of connecting to an unprotected wireless network.
  6. Install updates on your devices, they usually contain patches against the latest security threats.
Have more questions?
Submit a request or write a couple words.

Read next in All about Wi-Fi

If you want to dive deeper into this Wi-Fi thing, check out the following articles about Wi-Fi security, the best apps for wireless networking, inflight WiFi, etc.
Get NetSpot for Free
Wi-Fi Site Surveys, Analysis, Troubleshooting runs on a MacBook (macOS 10.12+) or any laptop (Windows 7/8/10/11) with a standard 802.11a/b/g/n/ac/ax wireless network adapter.
Free WiFi Analyzer
NetSpot for iOS
Heat Maps & Speed Test