| Are you at risk of KRACK while accessing public wifi? |
20 Oct 2017
|The next time you are browsing the wireless network at railway stations or airports, remember that your vulnerability to cyber attacks will be 'high'.
Devices based on Android, iOS, macOS, Linux and Windows are among those most at risk to a newfound vulnerability called KRACK.
A warning has been issued by the CERT-in, the nodal agency supervising cyber security in India.
| How does India's track record in cybercrime look like? |
|India's track record in cybercrime is far from satisfactory. In the first six months of 2017, CERT-in said 27,482 such cases were reported - one incident every 10 minutes, up from 2016's one incident every 12 minutes.
The most common crimes including phishing, virus or malicious code, scanning or probing, defacements, site intrusions, ransomware and denial-of-service.
| Is the focus on public wifi a good idea then? |
|To push digitalization and connectivity, the government has been working on setting up public hotspots around the country: it launched a project to provide free hotspots in over 1,000 gram panchayats.
But it doesn't seem Indians are very concerned with security. In July'17, a report by Norton, anti-virus program seller, said 96% Indians put personal information at risk while browsing public wifi.
| What are the commonly displayed risky behaviors? |
|The same report lists the risky behaviors people display in search for a stronger wifi signal: watching a three-minute ad (35%), allowing permission to access personal emails (19%), personal photos (22%), dating profiles (16%), contact lists (19%) and even edit social media profiles (19%).|
| What's this thing called KRACK? |
|Recently, experts highlighted a vulnerability in WPA/WPA2 encryption, the most commonly used to connect to wifi, called a Key Reinstallation Attack (KRACK).
When you connect to a network, a 'four-way handshake' ensures the client and access point both have the correct login credentials.
KRACK exploits flaws in the protocol to find out the same installation key, which the attacker uses to access personal data.
| Who's at risk of being attacked by KRACK? |
|According to Ram Swaroop, CyberSecurityWorks founder, "Every wifi network is at risk." Linux-based and Android devices on version 6.0 or higher are more vulnerable. This included over 40% of all Android devices.|
| How can you keep yourself safe on public wifi? |
|Swaroop says the safest option is to not use public wifi at railway stations or airports. But if you do, keep your devices and router firmware updated.
Refrain from updating apps on public wifi.
While browsing, check for a lock icon on the address bar to know if it's secure.
After browsing, 'forget' the network from your device.
CERT-in has recommended using VPN/wired networks.