KRACK (Key Reinstallation Attack) is a security flaw that was recently discovered in the WPA2 (WiFi Protected Access 2) protocol. WPA2 is the current method that most networks use to protect the connection from computer to router over WiFi.
The attack works by tricking the target computer into reinstalling the key established between the router and computer. This allows the attacker to give the computer their own key, which also lets them watch all the traffic leaving the affected computer.
The exploit is especially effective against Android phones and computers using a version of the Linux operating system because of how they handle wireless connections, but iPhones and computers using Mac or Windows are also vulnerable to the attack.
Individuals can protect themselves against the hack in a few ways: by using the DD-WRT firmware on their router, which was updated to protect against the hack in December 2016, and by making sure that all of their devices are completely up to date, as client devices can be updated to protect against the security flaw.
The attack is also most effective against the WPA2 Personal protocol, so using WPA2 Enterprise (which is what CSUSB uses) can slow down someone attempting to use the exploit against the network. If the option is available, using a wired connection makes the attack completely ineffective, as it only affects wireless connections.
Thankfully, the vulnerability can be patched in a way that will not require a new security protocol for WiFi. Because the exploit mainly targets client devices, rather than routers and access points, expect updates to be released for phones and computers soon that should patch the issue. Some router firmwares handle the connection to devices in such a way that updating the router will fix the issue too.
While devices running popular operating systems such as Windows, iOS, and Linux are being updated quickly to protect against this attack, Internet of Things devices will likely not be so lucky.
This means that your Smart Fridge, Smart Security Cameras, Smart Thermostat, etc. are very likely to never receive an update patching the exploit, as most of them are either built to not be updateable or are abandoned by the manufacturer right after they are released.
Mathy Vanhoef, the man who discovered the exploit, released all the information that he has on it, as well as ways to test if the security flaw can be used against your devices.
Because the flaw was found by someone who is purely white-hat (a hacker who looks for flaws only in order to fix them, rather than to use what they find for malicious reasons), the attack should be fixed on all operating systems soon, and without the major hacks and massive amounts of money lost to exploits such as EternalBlue.
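The key reinstallation and the client-side patch described above, as an added example (not code from this article or from the KRACK research): a toy Python model of a vulnerable client beside a patched one. It assumes, from the public KRACK research rather than this article, that the reinstall is triggered by a replayed handshake message and that reinstalling resets the per-packet counter used for encryption; the `Client` class, `run` function and key value are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Client:
    """Toy WiFi client: tracks the installed session key and its packet counter."""
    patched: bool
    key: bytes = b""
    next_pn: int = 0                           # per-packet number used with the key
    used: set = field(default_factory=set)     # (key, packet number) pairs already sent
    reused: list = field(default_factory=list)  # packet numbers sent twice under one key

    def on_install_message(self, key: bytes) -> None:
        """Handle the handshake message that tells the client to install the key."""
        if self.patched and key == self.key:
            return              # patched: this key is already installed, keep the counter
        self.key = key
        self.next_pn = 0        # installing (or reinstalling) resets the counter

    def send_frame(self) -> int:
        """Consume one packet number under the current key, recording any reuse."""
        pn = self.next_pn
        self.next_pn += 1
        if (self.key, pn) in self.used:
            self.reused.append(pn)
        self.used.add((self.key, pn))
        return pn


def run(patched: bool) -> list:
    """Install a key, send 3 frames, replay the install message, send 3 more."""
    client = Client(patched=patched)
    key = b"constructed-session-key"    # constructed sample value
    client.on_install_message(key)
    for _ in range(3):
        client.send_frame()
    client.on_install_message(key)      # the replayed handshake message
    for _ in range(3):
        client.send_frame()
    return client.reused


if __name__ == "__main__":
    print("unpatched client reused packet numbers:", run(patched=False))
    print("patched client reused packet numbers:  ", run(patched=True))
```

The unpatched client encrypts new frames under packet numbers it has already used, which is what lets an eavesdropper recover traffic; the patched client ignores the repeated install and keeps counting.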
In short, make sure to keep the software of all devices that you own up to date with the latest security patches, and check for updates to the firmware of your family’s router.