Skip to main content

Using Wi-Fi? You could be vulnerable to a KRACK attack

A widespread vulnerability has been discovered that could put any phone, computer or smart TV that supports a Wi-Fi connection at risk, according to security experts. 

Mathy Vanhoef, who discovered the security weakness, stated that all modern connected Wi-Fi devices could be affected by a KRACK attack - anything from an Android phone to an Apple Mac. If it can connect to the internet through Wi-Fi, it could be vulnerable to this recently discovered man-in-the-middle hack.

What is a KRACK attack?

KRACK stands for Key Re-installation Attack. Vanhoef states, 'attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.'

'The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.' (Read Vanhoef's full statement here)

It should be noted that data which is already encrypted or secured (through IPSec or HTTPS) by other means remains secure. 

How does the attack work?

The attack itself is quite complicated, but involves attackers intercepting a 'handshake' between the Wi-Fi client device and the protected network. The handshake is a four step process between the device and the network, where the connection is established and encryption enabled to preserve security. 

During the third step of the handshake, an encryption key is sent between the device and the network. A KRACK attack works by forcing the encryption key to be resent multiple times. By collecting and replaying the transmissions a hacker can break the Wi-Fi security encryption, relieving you of your security online.

How can I protect my devices?

This vulnerability, although widespread is actually quite difficult for hackers to exploit. The perpetrator would need to be in range of a specific target, and the hack would also require fairly extensive preparation. This doesn't mean that it's impossible for hackers to eavesdrop on your internet use, but it does mean it's quite unlikely that it's already happening.

There's even more good news here; if you're using a correctly configured HTTPS (you can check this in your address bar, look for the little padlock) you are still protected against this kind of attack. You can use HTTPS everywhere if you're concerned about the security of certain sites. 

As expected, the tech heavyweights are rushing to create patches for this bug. ZDNet are updating the list of companies that have issued statements and updates, which you can check here. The best thing you can do as an internet user is make sure you have automatic updates turned on for all of your devices where possible, or keep manually installing updates as they come in.

For Transcendit's support customers, our team have investigated whether this is an issue for their systems and have identified affected systems along with what action is required. The majority of systems we provide are not affected, or updates have not been released. We are in the process of upgrading those affected where updates are available.

If you're concerned about this attack, give our support team a ring on 0191 482 0444


The Transcendit Way

Transcendit understand that when you choose to work with us, whether we're taking care of your IT, app or web development, you're trusting us with part of your business. So whether we're looking after your computers, phone systems or servers we always do things 'the Transcendit way'.

The whole of our team adhere to the same values, beliefs and policies - the principles that were written when Transcendit first formed in 2000. Whether you come to us for cloud services or recovery backup you can be confident that you'll always receive the same excellent service.

The Transcendit way outlines how we do business; following the same straightforward principles with every client and customer, regardless of how big or small they may be.

That means we get to know you and your business. We offer you a friendly, professional and efficient service, and we'll always be honest with you.
We understand that not everybody speaks fluent IT, so we try to explain things in a way that is simple and clear. We always spend as much time as is necessary explaining things to you.
If you need to talk to us about something, no matter how insignificant, we are only ever a phone call away – and we’re never too busy to make you a cup of tea and have a sit down with you in person.
We understand how frustrating it can be when things are late. When we schedule an appointment with you, we are there when you’re expecting us. If something prevents us from getting there, we always call you in advance to let you know.
Sometimes things can go wrong, but we never lie to you or try to cover something up. If things go askew we tell you what’s happened and how we plan to prevent it affecting your business.
We want you to continuously benefit from working with us. We regularly discuss your business and make suggestions for improving systems and processes wherever we can – but we never try to push you into a purchase.
When we quote a fixed price, that's always the amount we charge – you won’t find any nasty surprises on a bill from us. If you are paying by time and materials, we inform you if our approximations could change.
We understand the importance of privacy for your business and your customers. We respect the confidentiality of your data, and we will never pass on your information to third parties.
We appreciate it when you take the time to give us feedback. A system called CustomerSure records our client's responses, so you can trust that our reviews are from real people.
Find out what they're saying here.
Paul is always more than helpful...we'd be lost without him! Angela Fenwick, Streetwise

Based on 12075 reviews our customers rate us 9.8/10. Reviews and ratings by Customersure. 09-October-2024

Transcendit are proud sponsors of CHUF, the Children's Heart Unit Fund.

Transcendit is a Living Wage employer
Transcendit is a Microsoft Gold certified partner
VMWARE partner
Vipre partner
IPCortex partner
WithSecure partner
DELL partner
Barracuda partner
Veeam partner
N-Able partner