Are you at risk of KRACK while accessing public Wi-Fi?
The next time you are browsing the wireless network at railway stations or airports, remember that your vulnerability to cyber attacks will be 'high'. Devices based on Android, iOS, macOS, Linux and Windows are among those most at risk to a newfound vulnerability called KRACK. A warning has been issued by the CERT-in, the nodal agency supervising cyber security in India.
India's track record in cybercrime is far from satisfactory. In the first six months of 2017, CERT-in said 27,482 such cases were reported - one incident every 10 minutes, up from 2016's one incident every 12 minutes. The most common crimes including phishing, virus or malicious code, scanning or probing, defacements, site intrusions, ransomware and denial-of-service.
To push digitalization and connectivity, the government has been working on setting up public hotspots around the country: it launched a project to provide free hotspots in over 1,000 gram panchayats. But it doesn't seem Indians are very concerned with security. In July'17, a report by Norton, anti-virus program seller, said 96% Indians put personal information at risk while browsing public Wi-Fi.
The same report lists the risky behaviors people display in search for a stronger Wi-Fi signal: watching a three-minute ad (35%), allowing permission to access personal emails (19%), personal photos (22%), dating profiles (16%), contact lists (19%) and even edit social media profiles (19%).
Recently, experts highlighted a vulnerability in WPA/WPA2 encryption, the most commonly used to connect to Wi-Fi, called a Key Reinstallation Attack (KRACK). When you connect to a network, a 'four-way handshake' ensures the client and access point both have the correct login credentials. KRACK exploits flaws in the protocol to find out the same installation key, which the attacker uses to access personal data.
According to Ram Swaroop, CyberSecurityWorks founder, "Every Wi-Fi network is at risk." Linux-based and Android devices on version 6.0 or higher are more vulnerable. This included over 40% of all Android devices.
Swaroop says the safest option is to not use public Wi-Fi at railway stations or airports. But if you do, keep your devices and router firmware updated. Refrain from updating apps on public Wi-Fi. While browsing, check for a lock icon on the address bar to know if it's secure. After browsing, 'forget' the network from your device. CERT-in has recommended using VPN/wired networks.