KRACK attack: What you need to know

4:15 pm on 17 October 2017

InternetNZ and government cyber security agency CERT NZ are warning all New Zealanders to avoid using Wi-Fi following an international software hack.

Here's what you need to know:

Keyboard, computer, cyber attack

Photo: 123rf

What's happening?

An attack, known as the KRACK (Key Reinstallation Attack), has emerged from weaknesses that have been discovered in a protocol that Wi-Fi uses.

It gives attackers the ability to inject viruses or ransomware into the website that is being visited.

The Krack vulnerability, which was identified by a security researcher overseas, potentially allows a hacker to eavesdrop on Wi-Fi traffic. The hacker would need to be within Wi-Fi range and would not be able to access encrypted traffic (e.g. most banking websites and some other applications).

Systems affected

  • Almost all devices including computers, mobile phones, routers and smart TV could be affected.

What this means

  • All devices that use Wi-Fi networks need updating to protect against attack.
  • Microsoft's recent security update means only Vista and XP remain vulnerable.
  • Google is releasing a fix for Android on 6 November.
  • Patch coming for recent Apple devices in the next few weeks.
  • Linox patches already out or coming soon.

What to do

  • Keep devices up to date. Turn on auto-update and you will get a fix as soon as it's available.
  • InternetNZ advise using a cable to access a home modem or data on mobiles.
  • If in doubt, contact your internet provider or product manufacturer.
  • If you're transmitting sensitive information online check to make sure the website address starts with 'https' - it may also have a lock symbol in the top left corner.
  • Turn off Wi-Fi and devices connected to the internet when not in use. This includes any 'smart' devices, such as whiteware, appliances, webcams, TVs, and baby monitors.

Is anyone in New Zealand affected yet?

  • Both Spark and Vodafone say they are not aware of any customers affected.
  • Spark says its home broadband modems are not vulnerable to the threat.