Key Reinstallation Attacks (KRACK) is a WPA security vulnerability. WPA2 is a protocol that makes wireless connections work in practically every device. Serious weaknesses have been discovered in WPA2. The flaw means that all devices are vulnerable to hackers who want to pick up on all the Internet traffic flowing in and out of laptops, cell phones, smart home devices and anything else with a WiFi connection.
Hackers must be near your device to use this attack. This significantly cuts back on the scale of attack a single hacker can carry out at once. The bad news is the attack could be carried out on virtually anything nearby with a WiFi connection. Your devices are likely vulnerable.
Changing the password of your WiFi network does not prevent or mitigate the attack. So, you do not have to update the password of your WiFi network. Instead do the following.
- Make sure all your devices are updated, and also update the firmware of your router.
- After updating both your client devices and your router, it is never a bad idea to change the WiFi password.
The most important thing you can do is update your devices as patches become available. Next, you'll want to consider patching your router firmware if the manufacturer doesn't update it for you automatically. See CNet KRACK Wi-Fi Bug: Here's How to Protect Yourself for a thorough list of steps to take to secure your network. And, see ZDNet Here's Every Patch For KRACK for additional information on current patches.
Note: Even if you patch your Android phone and your home router, you could be vulnerable if you connect your phone to another unpatched router. For the time being, the safest thing to do is to avoid using WiFi on your phone if possible.
Often the data going over your typical coffee shop wireless network is completely unencrypted, meaning hackers could easily infiltrate the network to pick up your Internet traffic and read it. What KRACK can do is make any WiFi network as unsafe as a public WiFi network.
If you have an old router and don't think the manufacturer is going to patch it, it is advisable that you get a new router later, after the patch has been implemented. The Wi-Fi Alliance® announced it will require manufacturers to verify that new routers are no longer vulnerable to KRACK, see Wi-Fi Alliance® Security Update, but the routers on the shelves today haven't been checked. You will need to update your phones, computers, and other devices that use WiFi to connect to the Internet.
Note: Cox issued routers will be have a firmware updates automatically pushed to them. We are working with our vendors and currently do not have a date for when the updates will be pushed. These types of updates can typically take several months.