Key Reinstallation Attack (KRACK) is a WPA security vulnerability. WPA2 is a protocol that makes wireless connections work with practically every device. Serious weaknesses have been discovered in WPA2. The flaw means that all devices are vulnerable to hackers who want to pick up on all the Internet traffic flowing in and out of laptops, cell phones, smart home devices, and anything else with a WiFi connection.
Hackers must be near your device to use this attack. This significantly cuts back on the scale of attack a single hacker can carry out at once. The bad news is that the attack can be carried out on virtually anything nearby with a WiFi connection, making most devices vulnerable.
Changing the password of your WiFi network does not prevent or mitigate the attack. Instead do the following.
- Make sure your router's firmware and all of your devices are updated.
- After updating both your client devices and your router, it is never a bad idea to change the WiFi password.
The most important thing you can do is update your devices as patches become available. Next, you'll want to consider patching your router firmware if the manufacturer doesn't update it for you automatically. See CNet KRACK Wi-Fi Bug: Here's How to Protect Yourself for a thorough list of steps to take to secure your network and ZDNet Here's Every Patch For KRACK for additional information on current patches.
Note: Even if you patch your Android phone and your home router, you could be vulnerable if you connect your phone to another unpatched router. For the time being, the safest thing to do is to avoid using WiFi on your phone if possible.
The data often moving through your typical coffee shop's wireless network is completely unencrypted, meaning hackers can easily infiltrate the network to pick up your Internet traffic and read it. What KRACK can do is make any WiFi network as unsafe as a public WiFi network.
If you have an old router and don't think the manufacturer is going to patch it, it is advisable that you get a new router later after the patch has been implemented. The Wi-Fi Alliance® announced it will require manufacturers to verify that new routers are no longer vulnerable to KRACK; see Wi-Fi Alliance® Security Update for more details. However, the routers on the shelves today haven't been checked. You will need to update your phones, computers, and other devices that use WiFi to connect to the Internet.
Note: Cox-issued routers have firmware updates automatically pushed to them. We are working with our vendors and currently do not have a date for when the updates will be pushed. These types of updates can typically take several months.