Warning: Wi-Fi passwords can be stolen by criminals exploiting ‘Krack’
5th December 2022
A serious flaw in WPA2 security, the protocol that protects most Wi-Fi networks, has been identified by researchers at the University of Leuven in Belgium. The flaw affects how Wi-Fi devices such as smartphones, laptops, and tablets establish encrypted connections to access points within range. It uses a method of attack called “key reinstallation attack” (KRACK) that can be used by criminals to steal passwords or other sensitive information such as credit card numbers or email addresses. This affects all devices that use WPA2, which is most modern Wi-Fi networks.
The risk
The KRACK attack works by tricking a Wi-Fi device into reinstalling an encryption key that the attacker controls. This allows the attacker to decrypt all traffic between the device and the access point, including any passwords or other sensitive information that is sent over the network.
What you can do
- Update your Wi-Fi devices as soon as possible. The latest security patches for Windows, macOS, and Linux have been released, and you should apply them immediately.
- Change your Wi-Fi password. This will make it more difficult for attackers to exploit the KRACK vulnerability.
- Use a VPN when connecting to public Wi-Fi networks. A VPN encrypts your traffic, making it more difficult for attackers to intercept it.
What the NCSC is doing
The NCSC is working with industry partners to develop a patch for the KRACK vulnerability. We will also be providing guidance to organizations and individuals on how to protect themselves from this attack.
Further information
- The NCSC’s website has more information on the KRACK vulnerability and how to protect yourself from it: www.ncsc.gov.uk/section/news-and-alerts/2017/krack-vulnerability
- The University of Leuven’s website has more information on the KRACK attack: www.cs.kuleuven.be/security/research/krack
The AI has provided us with the news.
I’ve asked Google Gemini the following question, and here’s its response.
UK National Cyber Security Centre a new article on 2024-12-16 17:13 titled “’Krack’ Wi-Fi guidance”. Please write a detailed article on this news item, including any relevant information. Answers should be in English.
89