KRACK
Key Reinstallation Attack

KRACK - Key Reinstallation Attack

What is KRACK (Key Reinstallation Attacks)?

KRACK is a vulnerability discovered by Mathy Vanhoef and published on October 16 2017 that allows anyone on the same network to read and change the internet data you transmit over Wi-Fi.

It affects all types of WPA2, the only Wi-Fi protection previously known to be secure, and the vulnerability works regardless of how strong your Wi-Fi password is.

KRACK is receiving a lot of attention from the press and experts in the security industry, and vendors are currently working on providing patches to devices that use Wi-Fi, such as computers, phones and access points.


Am I affected?

If you used Wi-Fi any time in the past, you were affected. This means that anyone with knowledge of this vulnerability in the past could have had access to your data transmitted using Wi-Fi, such as your username and password on websites, unless you were using a VPN.

The vendors mentioned in the paper were notified about the vulnerability around 14 July 2017, and a broader notification to all vendors was sent on 28 August 2017.

In particular, exploiting this on Android phones is very simple due to an additional bug. Until an update is published by your Android manufacturer, it's safe to assume your Wi-Fi traffic is not safe. Unfortunately some Android manufacturers can take months to provide an update, even of serious security fixes.

The researcher also mentions "attacking macOS (..) is significantly easier than discussed in the paper", so although details about this macOS attack are not known yet, it's safe to assume that your macOS Wi-Fi can also be easily read.


What should I do?

The best and simplest way to protect your internet connection over Wi-Fi currently is by using a VPN. Even if you connect to public Wi-Fi, the VPN will always guarantee that any data you send over Wi-Fi is private and secure. If you were using a VPN in the past, it means your data was safe even before this bug was well known.

If you aren’t using a VPN, websites you visit might protect your data if they are configured to always use https. Even if your website uses https, unless it's configured to always use it, there are ways that anyone exploiting this Wi-Fi vulnerability can force your computer or phone to not use https when they're eavesdropping so they can read your data. This configuration to always use https, called HSTS, is unfortunately not very widely used, and not very easily verifiable by the average user.

Also unless you are using a VPN, privacy of data from apps you use will depend solely on the protection built in by the app creator. Unfortunately for the average user, there's no way to verify if your data is being securely transmitted or not.


How do I use a VPN?

If you are a customer, all your data has been fully protected from KRACK even when using a vulnerable phone or computer in the past. Your data was never visible to eavesdroppers when you were on Wi-Fi, be it public or private.

If you don’t have an account, sign up below and you’ll be protected from KRACK in just a few minutes.


あなたの個人情報が危険に晒されています
リスク無し。30日間の返金保証

1か月 

1年 

* すべての金額はUSDで表示されており、割引は現行の月額サービス($9.95/月)に基づいた割引を反映しています
³ サインアップ時に即請求されます。無料追加時間は1回限りのプロモーションオファーです。

"競合他社を上回るプライベートインターネットアクセスのパフォーマンスおよび機能性"   -   PCMag logo

バルク購入ですか? 今すぐ入手する

VPN 機能

安心VPNアカウント
暗号化 WiFi
P2Pサポート
WireGuard®およびOpenVPN
10デバイス同時利用可
広告、トラッカー、およびマルウェアをブロック
複数VPNゲートウェイ
帯域無制限
SOCKS5 Proxy込み
トラフィックログ無し
即時セットアップ
ご利用簡単