1. A security researcher named Mathy Vanhoef has exposed the flaws in WPA2. Actually, this protocol secures modern protected Wi-Fi networks.
2. These flaws are exploited through key reinstallation attacks (KRACKs). And the targets are devices using Wi-Fi – laptops, smartphones and smart homes. Any device that connects to the router via Wi-Fi is a target.
3. Vanhoff claimed that in addition to stealing sensitive information, it is also possible to tamper with data. For example, an attacker could inject ransomware or malware onto a website.
4. The flaw is in the Wi-Fi standard itself, not in any one product. This means that any valid implementation of WPA2 is affected.
5. Apart from Apple devices, all devices running on Android, Linux, Windows and OpenBSD are affected by some attack or the other. To avoid the attack, users should update their products as soon as security updates are available.
6. Vanhoff said that the attack does not involve stealing your Wi-Fi network password. This means that changing the Wi-Fi network password will not protect you. You have to ensure that your device is updated. You should also update your router’s firmware. After updating the router, you can change the Wi-Fi password if you want for additional security.
7. The router may not need an update, as the attack is on the Wi-Fi client. You should contact your vendor for more information. For the general user, the most important thing is to update their laptops and smartphones.
8. Vanhoff recommends users not switch to the insecure WEP protocol on their routers until the device has been patched.
9. As a user, you have no choice but to wait for updates for your smartphone and laptop. Install them as they become available.
10. Those phones for which the company itself has stopped giving updates will remain at risk of attack.