KRACK: How Secure Is My Wifi?


And what should I do now?

A new attack on the WPA2 protocol, which is used to encrypt Wi-Fi connections, has recently been published. Unfortunately, the weakness it exploits has been around for over a decade!

Security researcher Bruce Schneier states:

This meets my definition of brilliant. The attack is blindingly obvious once it’s pointed out, but for over a decade no one noticed it.

What can I do about that now?

First of all: Don’t panic. Even though this is a serious vulnerability and you cannot do anything about the vulnerability itself, this probably won’t affect you too much. An attacker can decrypt your Wi-Fi traffic only when close enough to you to physically receive your Wi-Fi signal. Even then, the attacker can only decrypt the Wi-Fi signal itself; they cannot join the Wi-Fi network or decrypt any further encryption that is in use.

Therefore: Use TLS-encrypted connections (if your browser says https://, that’s it) whenever possible, especially when you enter login information in your browser or do anything else that might be sensitive. The Electronic Frontier Foundation, for example, offers the browser plugin HTTPS Everywhere, which redirects your traffic to the encrypted version of a website whenever one is available.

The researcher Mathy Vanhoef released a YouTube video that illustrates the attack. It shows how the attack can be used to eavesdrop on a login form if you do not use the https version of a web application.

To solve the actual vulnerability, make sure that you update your wifi drivers when a patch becomes available. You can check the status of the different vendors here:

As a company, providing a good encrypted version of your application is important. Check out our free security scanner to test the provided TLS encryption of your website.
