KRACK is the latest cybersecurity issue making headlines. But what is it, really? The acronym KRACK refers to an attack that can break WPA2, which secures your Wi-Fi. It was just discovered by Mathy Vanhoef, a Belgian computer security researcher. On a website created to inform the public, he explains that by using KRACK, a hacker could steal information that was previously thought to be secure – things like your credit card information, emails, photos, and passwords to websites.
What’s important is that everything that is connected to the internet is vulnerable in some way, from your computer, to your phone, to (if you have smart devices) your thermostat. In fact, smart devices are the most vulnerable to this problem, because their owners frequently fail to update them when these kinds of security issues pop up – because of this, they are an easy jumping point into the rest of your Wi-Fi network. But what’s also important is understanding that the exploit was undiscovered and has never been used to steal information. Now that KRACK has been revealed, companies are creating fixes to stop the issue before problems starts.
So if KRACK has never been used, then what’s all the fuss about? Amidst some fearbaiting headlines, it does serve as a good reminder to always stay vigilant about security. As we’ve previously said, an “it has always worked, why fix it” mentality is not compatible with your security needs. You should patch your personal devices as soon as the updates become available to stay as safe as possible. Any security you use on top of WPA2 would still work, so secure encryption systems like HTTPS are very important to maintain. And you should always use MFA (multi factor authentication) to stop hackers if they get access to your password.
For your business, you should make sure your IT provider installs patches in a timely fashion. Here at Domain, we will prioritize the installation of these patches for our clients as they become available. Our Domain Tech Academy can work with your smart devices and personal computers to ensure they are set up properly with the latest security.