WPA-2, the encryption standard that protects the transmissions of virtually all modern wifi devices and keeps random kids in your city from being able to siphon your naked photos or sensitive political communications off your network, has been revealed to have a major
The bad news: Basically everyone is vulnerable to some extent, and there is no fix available today for most devices.
The good news: There is currently no publicly available code to take advantage of this vulnerability, which requires a high level of skill to exploit. How vulnerable you are will realistically depend on your threat model (and what kind of device you have). Android devices are most vulnerable, Windows and iOS less so. Attackers will need to be in range of your wifi in order to perform the attack. And the extent to which the infosec world is correctly freaking out about this means that patching this vulnerability should be a priority. But we expect vulnerabilities to persist in some unpatched routers and IoT devices for years.
We write this blog with the expectation that readers need better-than-average security. So while some of these recommendations might be overkill for average users, we make them with the understanding you are here because you want to be more careful and secure when possible.
What you should do:
1) Actually, stick with WPA-2 for now, since we don’t have anything better, and check your wifi settings! Use WPA2-AES to reduce some of the impact of the attack. Decent Security has a good blog post on the details of how to set up your wireless network.
2) Use HTTPS (which provides a layer of encryption) whenever possible. The easiest way to do this is to use HTTPS Everywhere with Chrome / Firefox. The KRACK vulnerability will not remove the layer of security provided by HTTPS.
3) Watch for updates. Here’s a list of vendors who have already patched.
4) Contrary to what you may read, we don’t recommend using a VPN at this point, especially since many free ones engage in extremely disreputable activity with your data and will turn it over to governments who ask for it anyway.
connecting to public wifi until patches are issued. Find out what router you use at home or in your organization, and keep an eye out for
5) If it’s an option, consider using ethernet cables! They still exist and circumvent this issue.
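One way to do the settings check from item 1 on a Linux machine, as an added example that is not part of the original post: it reads NetworkManager's terse scan output (`nmcli -t -f SSID,WPA-FLAGS,RSN-FLAGS device wifi list`) and flags networks that still offer TKIP or legacy WPA rather than AES only. The function name, the verdict labels and the sample scan lines are constructed for illustration, and it assumes nmcli prints empty flag fields as `(none)`.

```shell
#!/bin/sh
# Added example: classify wifi networks by the ciphers they advertise.
# Input: one line per network in the form  SSID:WPA-FLAGS:RSN-FLAGS
# (nmcli terse mode; a colon inside an SSID is escaped as "\:").
# Output: "VERDICT<TAB>SSID" per network.
classify_wifi() {
  awk -F: '
  function none(s) { return (s == "" || s == "(none)") }
  {
    if (NF < 3) next                      # malformed line, skip it
    wpa = $(NF-1); rsn = $NF              # flag fields never contain ":"
    ssid = $1                             # rebuild an SSID that held "\:"
    for (i = 2; i <= NF-2; i++) ssid = ssid ":" $i
    gsub(/\\:/, ":", ssid)

    if (none(wpa) && none(rsn))      v = "OPEN-OR-WEP"  # no WPA/WPA2 at all
    else if ((wpa " " rsn) ~ /tkip/) v = "TKIP"         # TKIP still offered
    else if (!none(wpa))             v = "LEGACY-WPA"   # WPA1 still enabled
    else if (rsn ~ /pair_ccmp/)      v = "AES-ONLY"     # the WPA2-AES setting
    else                             v = "UNKNOWN"
    printf "%s\t%s\n", v, ssid
  }'
}

# Constructed sample scan (not real networks), so the script runs offline.
SAMPLE_SCAN='HomeNet:(none):pair_ccmp group_ccmp psk
OldRouter:pair_tkip group_tkip psk:(none)
Mixed:pair_tkip pair_ccmp group_tkip psk:pair_tkip pair_ccmp group_tkip psk
Cafe\:Guest:(none):(none)'

printf '%s\n' "$SAMPLE_SCAN" | classify_wifi
```

To check real networks, pipe the nmcli command above into `classify_wifi`; anything other than `AES-ONLY` next to your own SSID means the router's security mode needs changing.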
Further reading: (from least to most technical)