If you’re even the least bit freaked out by the KRACK Wi-Fi security flaw, and wondering how it might possibly impact your life and meetings, here’s a bit of reassurance and advice.
First, What Is It?
KRACK is shorthand for Key Reinstallation Attacks, and it was discovered way back in May by a web security researcher in Belgium named Mathy Vanhoef. It’s technical, but basically it means he discovered a key flaw in something called Wi-Fi Protected Access 2, or WPA2, which has been the go-to option to protect your data over Wi-Fi since 2004.
The flaw means data you thought was safely encrypted can potentially be read and stolen. Or, in some cases, manipulated. “In practice,” intoned Wired recently, “that means hackers could steal your passwords, intercept your financial data, or even manipulate commands to, say, send your money to themselves.”
But on the Other Hand…
Take a deep breath. Breathe out and try to relax.
First off, this is not kid stuff. Or, more accurately, not every teenaged nerd in his bedroom can now steal your stuff or hack your event. In fact, no one has actually gotten ripped off yet, as far as we know. Vanhoef delayed making his discovery public for the very reason that he wanted to give the software engineers at companies whose products could be compromised (whom he did alert) time to fix the flaw by making a “patch.” Furthermore, experts agree exploiting the flaw is a sophisticated undertaking.
Perhaps most important of all to know, your event is in no danger whatsoever from some internet criminal in Russia or Transylvania using KRACK.
An attacker has to be in range of your Wi-Fi.
So, What to Do
Vanhoef advises: “To prevent the attack, users must update affected products as soon as security updates become available. If your device supports Wi-Fi, it is most likely affected.”
Obviously, that means adding a new checkbox to your event to-do list. Have your Wi-Fi routers and other Wi-Fi-enabled hardware been patched to make them KRACK-proof?
If not—and you can’t or don’t want to switch venues—advise attendees of the situation and suggest disabling Wi-Fi on their personal devices if they are concerned.
If possible, connect to the local network the old-fashioned way, using an Ethernet cable.
When sharing sensitive data, make sure you do so only with sites that use HTTPS encryption, for a higher level of security.
A Final Few Words
This is serious business, even if the media hype is a bit hysterical. “The problem is not so much that there are a ton of bugs in WPA2,” Matthew Green, a cryptographer at Johns Hopkins University, explained to Wired. “It’s that it will be very hard to patch most low-cost consumer devices. So all it takes is one bad one to screw a lot of people up for years.”
Wired concluded: “There’s some good news. Most current versions of iOS and Windows aren’t vulnerable, or are only vulnerable in one niche circumstance, because of the way Apple and Microsoft implemented the WPA2 standard… But the millions and millions of impacted devices will present a challenge to fix.”