
WPA Vulnerability

Details

Key Reinstallation Attacks (KRACK) is a WPA security vulnerability. WPA2 is a protocol that makes wireless connections work in practically every device. Serious weaknesses have been discovered in WPA2. The flaw means that all devices are vulnerable to hackers who want to pick up on all the Internet traffic flowing in and out of laptops, cell phones, smart home devices and anything else with a WiFi connection.

Hackers must be near your device to use this attack. This significantly cuts back on the scale of attack a single hacker can carry out at once. The bad news is the attack could be carried out on virtually anything nearby with a WiFi connection. Your devices are likely vulnerable.


WiFi Passwords

Changing the password of your WiFi network does not prevent or mitigate the attack. So, you do not have to update the password of your WiFi network. Instead do the following.

  • Make sure all your devices are updated, and also update the firmware of your router.
  • After updating both your client devices and your router, it is never a bad idea to change the WiFi password.

Protecting Yourself

The most important thing you can do is update your devices as patches become available. Next, you'll want to consider patching your router firmware if the manufacturer doesn't update it for you automatically. See CNet's "KRACK Wi-Fi Bug: Here's How to Protect Yourself" for a thorough list of steps to take to secure your network, and see ZDNet's "Here's Every Patch For KRACK" for additional information on current patches.

Note: Even if you patch your Android phone and your home router, you could be vulnerable if you connect your phone to another unpatched router. For the time being, the safest thing to do is to avoid using WiFi on your phone if possible.


Public WiFi

Often the data going over your typical coffee shop wireless network is completely unencrypted, meaning hackers could easily infiltrate the network to pick up your Internet traffic and read it. What KRACK can do is make any WiFi network as unsafe as a public WiFi network.

New Equipment

If you have an old router and don't think the manufacturer is going to patch it, it is advisable that you get a new router later, after the patch has been implemented. The Wi-Fi Alliance® announced it will require manufacturers to verify that new routers are no longer vulnerable to KRACK (see Wi-Fi Alliance® Security Update), but the routers on the shelves today haven't been checked. You will need to update your phones, computers, and other devices that use WiFi to connect to the Internet.

Note: Cox-issued routers will have firmware updates automatically pushed to them. We are working with our vendors and currently do not have a date for when the updates will be pushed. These types of updates can typically take several months.

Additional Questions and Answers

Does turning off cellular phone WiFi provide protection, or are the cellular networks also vulnerable?

Cellular networks are not affected by KRACK, so turning off WiFi does protect you from the attack. On an iPhone or iPad that runs iOS 11, you will have to go to settings to turn off the WiFi. Turning off WiFi from the control center does not turn it off all the way.

Is https at risk? 

Many websites (the ones that start with https) put an extra layer of encryption on your Internet traffic to keep it scrambled as it travels to its destination. The KRACK attack does not break this encryption, so the scrambling could help secure your data.

Does VPN provide protection?

Yes. A virtual private network, or VPN, encrypts all the data flowing from your device across the Internet. It's an extra service that most people use when they need to connect to a workplace computer network when they're not in the office. It creates a safe tunnel for all your data to pass through that eavesdroppers can't spy on.

Is WPA2 with only AES also vulnerable? 

Yes, that network configuration is also vulnerable. The attack works against both WPA1 and WPA2, against personal and enterprise networks, and against any cipher suite being used (WPA-TKIP, AES-CCMP, and GCMP). So, everyone should update their devices to prevent the attack.

What if there are no security updates for my router?

The main attack is against the four-way handshake, and does not exploit access points, but instead targets clients. We strongly advise you to contact your router manufacturer for more details to understand if your router needs to be updated. In general, though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r. For ordinary home users, your priority should be updating clients such as laptops and smartphones.
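
As an added example (not Cox's or any router vendor's code), the check below flags the two settings this answer suggests disabling, client mode and 802.11r, in a router configuration. It assumes OpenWrt-style UCI syntax (`option mode 'sta'`, `option ieee80211r '1'`); the sample config and function names are constructed for illustration.

```python
import re

# Constructed sample in OpenWrt UCI syntax (assumed format, not from the page).
SAMPLE_CONFIG = """
config wifi-iface 'home_ap'
    option mode 'ap'
    option ieee80211r '1'

config wifi-iface 'uplink'
    option mode 'sta'

config wifi-iface 'guest_ap'
    option mode 'ap'
    option ieee80211r '0'
"""

SECTION = re.compile(r"^config\s+(\S+)(?:\s+'?([^']*)'?)?\s*$")
OPTION = re.compile(r"^option\s+(\S+)\s+'?([^']*)'?\s*$")

def parse_ifaces(text):
    """Return {section_name: {option: value}} for each wifi-iface section."""
    ifaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION.match(line)
        if m:
            kind, name = m.group(1), m.group(2)
            # Unnamed sections get a positional label so they can be reported.
            key = name or f"@wifi-iface[{len(ifaces)}]"
            current = ifaces.setdefault(key, {}) if kind == "wifi-iface" else None
            continue
        m = OPTION.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return ifaces

def audit(text):
    """List (interface, finding) pairs for client mode and 802.11r."""
    findings = []
    for name, opts in parse_ifaces(text).items():
        if opts.get("mode") == "sta":
            findings.append((name, "client (sta) mode enabled"))
        if opts.get("ieee80211r") == "1":
            findings.append((name, "802.11r fast roaming enabled"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(SAMPLE_CONFIG):
        print(f"{name}: {issue}")
```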
