1. Sales & Marketing
  2. Finances
  3. Your Team
  4. Technology
  5. Social Media
  6. Security
Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.
Grow Your Business Security

What Is the Wi-Fi KRACKs Exploit and How Do I Defend Against It?

Wifi security
Credit: Shutterstock

IT security experts announced the discovery of a major exploit that leaves nearly any Wi-Fi enabled device vulnerable to cyberattack. The exploit, dubbed the Key Reinstallation Attacks (KRACKs), is described in the website krackattacks.com as a weakness in the WPA2 protocol that protects nearly every modern Wi-Fi network and enabled device.

A: This latest exploit is said to take advantage of WPA2's four-way handshake that generates the encryption key for a connection to a Wi-Fi network. In short, attackers can obtain a copy of this key, which allows them to break through the encryption and eavesdrop on data sent through the network. The major limitation of this exploit, however, is that an attacker must be in physical range of their target's Wi-Fi.

A: Wi-Fi Protected Access 2 is the security protocol used to encrypt and protect data passed through a Wi-Fi network. Its function is to ensure that only authorized devices gain access to a network using a password.

A: Nearly all major systems are affected, including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, among others.

A: Criminals can theoretically use the hack to decrypt data packets passed through the connection, effectively allowing them to obtain sensitive data like usernames, passwords, account numbers, etc. Depending on the type of network and network settings, hackers could insert their own code through the connection, installing malware, such as ransomware.

A: No. The exploit bypasses passwords completely.

A: Update the software and firmware of all your Wi-Fi enabled devices, including computers, smartphones, routers and modems. According to US-CERT, about 100 major organizations, whose products and networks could potentially be affected by the exploit, were informed several months before the findings were made public. These companies and vendors have been working on updates and patches to seal the vulnerability, with some updates that were already released before the news went public.

A: A few other precautions you can take to make sure your network connection is secure, includes implementing a virtual private network (VPN). Connecting your devices to a VPN from within your own network adds an extra layer of security. Experts also advise visiting only HTTPS-enabled websites. You can block non-HTTPS sites through most firewall programs. [Read related article: 4 Free Encryption Services to Secure Your Business Communications]

A: Not one person or company is responsible for the exploit. It was a flaw baked into the protocol when it was established and agreed on by the Wi-Fi Alliance, an organization made up of members of the tech industry.

A: It's unknown if the exploit has ever been used for malicious purposes. The author of the research paper claims to have discovered it by accident and that in many instances, it would be hard to pull off on certain systems, and could only work if certain conditions were met.

Andreas Rivera

Andreas Rivera graduated from the University of Utah with a B.A. in Mass Communication and is now a staff writer for Business.com and Business News Daily. His background in journalism brings a critical eye to his reviews and features, helping business leaders make the best decisions for their companies.