KRACK
Key Reinstallation Attack

KRACK - Key Reinstallation Attack

What is KRACK (Key Reinstallation Attacks)?

KRACK is a vulnerability discovered by Mathy Vanhoef and published on October 16 2017 that allows anyone on the same network to read and change the internet data you transmit over Wi-Fi.

It affects all types of WPA2, the only Wi-Fi protection previously known to be secure, and the vulnerability works regardless of how strong your Wi-Fi password is.

KRACK is receiving a lot of attention from the press and experts in the security industry, and vendors are currently working on providing patches to devices that use Wi-Fi, such as computers, phones and access points.


Am I affected?

If you used Wi-Fi any time in the past, you were affected. This means that anyone with knowledge of this vulnerability in the past could have had access to your data transmitted using Wi-Fi, such as your username and password on websites, unless you were using a VPN.

The vendors mentioned in the paper were notified about the vulnerability around 14 July 2017, and a broader notification to all vendors was sent on 28 August 2017.

In particular, exploiting this on Android phones is very simple due to an additional bug. Until an update is published by your Android manufacturer, it's safe to assume your Wi-Fi traffic is not safe. Unfortunately some Android manufacturers can take months to provide an update, even of serious security fixes.

The researcher also mentions "attacking macOS (..) is significantly easier than discussed in the paper", so although details about this macOS attack are not known yet, it's safe to assume that your macOS Wi-Fi can also be easily read.


What should I do?

The best and simplest way to protect your internet connection over Wi-Fi currently is by using a VPN. Even if you connect to public Wi-Fi, the VPN will always guarantee that any data you send over Wi-Fi is private and secure. If you were using a VPN in the past, it means your data was safe even before this bug was well known.

If you aren’t using a VPN, websites you visit might protect your data if they are configured to always use https. Even if your website uses https, unless it's configured to always use it, there are ways that anyone exploiting this Wi-Fi vulnerability can force your computer or phone to not use https when they're eavesdropping so they can read your data. This configuration to always use https, called HSTS, is unfortunately not very widely used, and not very easily verifiable by the average user.

Also unless you are using a VPN, privacy of data from apps you use will depend solely on the protection built in by the app creator. Unfortunately for the average user, there's no way to verify if your data is being securely transmitted or not.


How do I use a VPN?

If you are a customer, all your data has been fully protected from KRACK even when using a vulnerable phone or computer in the past. Your data was never visible to eavesdroppers when you were on Wi-Fi, be it public or private.

If you don’t have an account, sign up below and you’ll be protected from KRACK in just a few minutes.


Map
Your private information is exposed

Our readers made it abundantly clear that Private Internet Access should be your first stop for protecting your private browsing data. - Lifehacker Media

7 day money back guarantee

Monthly

Two Years

Yearly

* any discounts reflect a reduction based on the current monthly service pricing at $6.95 per month
For bulk purchase inquiries, please reach out to multiple-accounts@privateinternetaccess.com

VPN Features

Secure VPN Account
Encrypted WiFi
P2P Support
PPTP, OpenVPN and L2TP/IPSec
5 devices simultaneously
Block ads, trackers, and malware
Multiple VPN Gateways
Unlimited Bandwidth
SOCKS5 Proxy Included
No traffic logs
Instant Setup
Easy to use
world

3111+ Servers in 25 Countries

United StatesUnited KingdomCanadaAustraliaNew ZealandNetherlandsSwedenNorwayDenmarkFinlandSwitzerlandFranceGermanyIrelandItalyRomaniaTurkeySouth KoreaHong KongSingaporeJapanIsraelMexicoBrazilIndia ...and growing