A security vulnerability in ALL wireless WPA2 connections was recently discovered. What should you do?

“KRACK” stands for “Key Reinstallation AttaCK”. Talking of a “KRACK Attack” is, therefore, tautological, but my pedantry doesn’t clarify anything. What it means is that a fault has been discovered in the way that two devices establish communication wirelessly (known as the “handshake”), which it is theoretically possible for someone to exploit so that they can intercept traffic passing along that wireless connection. The vulnerability was discovered by Mathy Vanhoef. He explains it on the Krackattacks website.

This is, of course, potentially very serious. The best wifi password in the world won’t protect against this vulnerability. So, let’s start with the good news: before this vulnerability had started hitting headlines, Microsoft had already patched Windows so that Windows 7, 8, and 10 users are already protected. They didn’t tell us at the time because they didn’t want to alert all the bad people out there of the problem before operating system manufacturers and router manufacturers had had the chance to close the loophole. As I write this (06/11/2017), I haven’t yet found any assurances from Apple or Google that the software for Macs, iPhones, iPads, or Android devices has been similarly patched.


Yes, the KRACK vulnerability has its own logo!

Microsoft assure us that Windows is now safe even if used with a router whose own firmware is still un-updated (since the problem concerns how two devices communicate with each other, it appears that a vulnerability at either end can be a potential problem). Clearly, if you use a Mac and are looking for complete protection before Apple say they have fixed it from their end (ie the operating system), then it would be a good idea to see if your router manufacturer has issued a firmware update covering the vulnerability.

I wish you good luck in that quest, though. I checked my own router’s firmware (it’s an Asus router) and found that a firmware update was, indeed, available. I installed it and hope that that means I’m now covered from that end. However, I couldn’t find any information from Asus that said that that specific firmware update includes protection against this specific vulnerability. Not entirely satisfactory. You may have more luck, though. I did find a list of router manufacturers who claim to have fixed the problem in their latest firmware.


Microsoft were quick off the mark in patching Windows 7, 8, and 10

So, you may or may not have been able to update the firmware in your router. What else can you do before you’ve been re-assured by Apple and/or Google that your software has been patched?

  • This vulnerability only affects wifi connections. If you can connect your computer to your router by an ethernet cable then the problem disappears.
  • As far as mobile phones are concerned (and maybe tablets as well), if you turn the wifi connection off and connect to the internet using your data plan then the problem disappears (but it’s worth being aware of how much data you can transfer this way within your plan).
  • A wifi connection is safe if you are connecting to a “secure” web page. A secure web page begins with “https” (instead of “http”). In this case, the problem disappears as all traffic between yourself and the web page is encrypted.
  • Some social networks, such as Facebook, can take you between secure web pages and insecure ones. To ensure that all of your pages are secured on such sites, go to settings and look for an option that lets you turn on “secure web browsing” or similar.
  • A wifi connection is also safe if you connect to the internet using a VPN (Virtual Private Network). See my recent blog post “What is a VPN and do you need one?”

And if you are still using Windows XP or Vista, maybe this is another wakeup call!

Mobile wifi has been around for a while, but has its time now come?

Do you remember the days before laptops had in-built wifi adaptors? It used to be quite common to buy a mobile data plan, with its own SIM, that worked by connecting a “dongle” (containing the SIM card) into a USB port of a laptop. I seem to remember that this used to work reasonably well. Somewhere along the way, though, these seem to have lost favour. When I asked my mobile provider (EE) about it recently, they said that they no longer support such devices.

In large part, they probably went out of popular use as laptops began to be supplied with their own wifi adaptor. These could easily be connected to one’s own wifi router or to the wifi supplied in ever-increasing numbers of public locations. However, I have now found that some mobile providers do still offer “data dongles”. See the one illustrated from Vodafone.

EE Osprey Mobile WiFi


So why do I mention this now? Well, when iPads first came out, I advised buying a version that included the ability to take a SIM card for a dedicated mobile data plan. This would give the same facility as plugging in a USB dongle with a SIM card (which can’t, of course, be done with an iPad as there’s no USB connectivity). My reasoning was that it is probably worth the ridiculous £100 extra on the price of the iPad just to be able to connect to the internet wherever there is a 3G (or, now, 4G) signal. That’s what I bought for myself and it worked well. Move on a while, and I now have a Microsoft Surface that I carry with me for work. It is essential that I am self-sufficient with a wifi connection, so I asked EE if I could buy a USB dongle so as to put the SIM from my iPad into my Surface (the Surface can’t directly take a SIM).

EE said they don’t support the dongles any more but I could buy a “mobile wifi”. This takes a mobile data SIM and transmits a wifi signal that can be connected to by up to 10 devices in the area. This is great because there are no physical connections (so it’s not taking up the only USB slot on a Microsoft Surface, for example) and it means that ANY device or computer that can connect to a wifi signal can access it without any software or setting up (other than knowing the name (SSID) of the mobile wifi and its password). I know that these devices have been around for quite a while but they’ve never been anything like widespread.

Vodafone Data Dongle


So I bought one and I’m well pleased with it. I’ve been getting speeds of up to 15mbit/sec on mine. This is twice as fast as at least half of the standard domestic ADSL broadband connections that I see among my computer support clients. The connection is usually stable and it produces a good enough signal that I don’t even take it out of my bag: I just turn it on and connect to it wirelessly in the normal way.

It also means that I’m not having to choose between my iPad and Surface for internet connectivity. In fact, up to 10 devices can typically connect to one mobile wifi at a time. I just need to make sure I’ve got the mobile wifi with me and that it’s charged. It is charged via a standard micro USB connection in about an hour or so.

There’s another use I put it to, and that is that I now routinely connect to the internet in cafes and other public places via my mobile wifi and not via the “free” wifi provided in those establishments. And there are two very good reasons why I think it’s a good idea to get away from unsecured public wifi connections:

  • With public wifi, you can’t be sure that the innocent-looking person on the next table to you isn’t stealing every bit and byte that’s passing between you and the internet.
  • With public wifi, you can’t be certain that the provider isn’t stealing information about you as well. A few weeks ago I connected to Costa Coffee’s wifi for some reason and was really hacked off when a message came up saying their terms and conditions have changed and that I now have to tell them my gender! No way. If they are giving me free wifi then it’s not free if they are gathering (and selling?) information about me and my use of their service. Having a distinctly childish and petulant streak in me, I told them I am female.

So, if you have several mobile devices and want more-or-less permanent access to a secure wifi connection, then mobile wifi is versatile in that it allows any device capable of a wifi connection to connect to it, and it also lets you get away from the security-challenged environment of public wifi.

But, oh yes, it’s one more thing to forget to put in your bag when you go out, and one more thing to forget to charge.

Granting access to your wifi connection still causes problems for many people.

To allow a visitor to connect their mobile device (iPad, other tablet, smartphone, netbook etc) to your wifi connection, you will need to give them 2 pieces of information about your wifi setup:

  • The name of the wireless network (also known as the SSID)
  • The passkey (password) to connect to that network

These pieces of information are held in your router. They may have been set by your broadband supplier (if they supplied the router), or they may have been set by you, or a computer support consultant such as myself, who created them at the time of setting up the router.

I’ve suggested before that it’s a good idea to write the information down on a piece of paper and stick it to the bottom of the router. This sounds really trivial and you may be wondering why I’m banging on about it again. Well, there are several reasons:

  • In my capacity as a computer consultant I often get asked for this information by my clients. I never accept responsibility for the usernames and passwords of my clients, but it is true that I will know some of them and it’s natural enough that they should ask me if they get stuck. The point here is that it doesn’t seem to matter how often I “suggest” that they record such information in a place where they can find it, I still get regular requests to help them out. I’ve started to put stickers on clients’ routers myself when the subject comes up, but it would make much more sense if everyone could just take 5 minutes to do it.
  • Some people get confused about the information that is sometimes already written on a sticker on the router. For the present purposes, you don’t need to worry about references to MAC codes or serial numbers. Similarly, ignore the “administrator username and password” that may be written on the router. That information is for accessing the settings of the router via a web browser. What you are looking for is almost always identified as the “SSID” (service set identifier) and the “passkey” (or “password”).
  • If you take your mobile device away on holiday with you it may just have “forgotten” the details of your home wifi setup when you get it home again. So, you’ll need to connect it again and that entails recognising your home router’s SSID and re-entering the passkey.
  • Not so long ago a visitor to a client of mine actually reset her router to factory defaults in order to get past the fact that they didn’t know the router passkey. Not wise. She had to pay me to go and set it up again and she had no internet connection in the meantime.

I recently came across a website that creates a QR code of your router SSID and passkey. I know this is going to sound really nerdy, but it means you can stick a QR code onto the bottom of your router and anyone with a smartphone that has a QR reader app on it can scan the code from your router and store it on their phone. I was rather hoping that it could automatically extract the information and key it straight into the Wifi settings of the phone, but maybe that was asking a bit much (although the iPhone app QR Reader does let you copy the information for pasting into the wifi settings).

And if you still think life’s too short for stuffing mushrooms (see this blog on QR Codes) and say to yourself “I might just as well write it on a piece of paper and stick it on the router” I would reply “Yes – please do!”
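What a wifi QR code actually contains is a short piece of text. The following is an added example, not code from this blog or from the website mentioned above: it builds and reads back that text using the "WIFI:" payload convention popularised by the ZXing barcode project. That the website used this convention is an assumption, and the network names and passkeys are constructed sample values.

```python
# Added example: build and parse the "WIFI:" text payload carried by a wifi QR code.
# Function names are this example's own; SSIDs and passkeys are constructed samples.

SPECIAL = '\\;,:"'  # characters the WIFI: convention escapes with a backslash


def escape(value: str) -> str:
    """Backslash-escape characters that would otherwise end a field early."""
    return "".join("\\" + ch if ch in SPECIAL else ch for ch in value)


def wifi_payload(ssid: str, passkey: str, auth: str = "WPA", hidden: bool = False) -> str:
    """Return the text to encode in the QR code for one network."""
    if auth not in ("WPA", "WEP", "nopass"):
        raise ValueError("auth must be WPA, WEP or nopass")
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    if auth == "WPA" and not 8 <= len(passkey) <= 63:
        raise ValueError("WPA/WPA2 passphrase must be 8-63 characters")
    fields = [f"T:{auth}", f"S:{escape(ssid)}"]
    if auth != "nopass":
        fields.append(f"P:{escape(passkey)}")
    if hidden:
        fields.append("H:true")
    return "WIFI:" + ";".join(fields) + ";;"


def parse_wifi_payload(payload: str) -> dict:
    """Split a WIFI: payload back into its fields, honouring backslash escapes."""
    if not payload.startswith("WIFI:"):
        raise ValueError("not a WIFI: payload")
    fields, current, chars = {}, "", iter(payload[5:])
    for ch in chars:
        if ch == "\\":
            current += next(chars, "")   # the escaped character is taken literally
        elif ch == ";":
            if current:                  # an empty field is the ";;" terminator
                key, _, value = current.partition(":")
                fields[key] = value
            current = ""
        else:
            current += ch
    return fields


if __name__ == "__main__":
    text = wifi_payload("Home;Net", 'pa:ss"word\\1')
    print(text)
    print(parse_wifi_payload(text))
```

The payload holds the passkey in readable form, so a printed code on the router gives the same access as the passkey written on paper beside it.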

Computer clients have asked me several times recently “what is the difference between WiFi and 3g?”


A popular symbol representing WiFi access. There doesn't seem to be anything similar for 3G access.

WiFi is a standard of localised radio transmission that is used to establish a wireless internet connection between a router and a device (computer or similar). So, your Internet Service Provider (your ISP – eg BT, Virgin, Zen etc) provides your internet connection to your premises via your telephone line or via a separate cable. The telephone line or cable is then connected to your modem/router (usually just called a “router” these days). Most routers can then connect computers to this internet connection either by ethernet cables or wirelessly or both. The range of the WiFi wireless connection is quite limited. This can sometimes cause problems in getting a signal to different rooms in the same premises. You pay for this WiFi access as part of your contract with your ISP.

3G, on the other hand, is a standard for transmitting radio that comes from mobile phone masts. In other words, it uses the same infrastructure as your mobile phone voice connection. It is run by the mobile phone companies and you need to have a device that will connect to a specific company’s 3G signal and a contract whereby you will pay the mobile phone company for using the system. Your 3G connection will give you access to the internet just as your WiFi connection does.

So, if you are at home and using your computer with a wireless internet connection then the normal way to do this is to connect to your router by WiFi. If you are out and about with your smartphone and want to connect to the internet then you will typically connect using the 3G service on your mobile. The upside of 3G is that you can (hopefully) get a 3G connection wherever you are, whereas your WiFi signal only works within close proximity to your router (eg at home). The downside is that the 3G connection can be very much more expensive to use and the 3G service is a bit wobbly. Sometimes you may not even get a 3G connection at all and sometimes it is excruciatingly slow. It can be even worse if you venture outside of London.

So far, it seems as if WiFi and 3G are very separate things for separate devices, but that’s not the case. Take the iPad for instance. All iPads come with WiFi connectivity, but for an extra £100 (gulp!) you can also have 3G connectivity on the same device. Why have both? Because 3G gives you flexibility to connect when away from your router and WiFi gives you affordability when you are close to it. Smartphones also have WiFi accessibility as well as 3G. Kindles come in different flavours as well, and if you have a model with 3G then Amazon provide your 3G connection free of charge. I’m not completely certain, but I think that any device that has both WiFi and 3G connectivity will automatically use the (cheaper) WiFi connection if it is able to do so – ie if it is in range of a WiFi network for which it has the passkey.

Another common way in which these communications methods merge with the different hardware is in the use of “dongles”. These days, a “dongle” usually means a small USB-connected wireless receiver that provides a computer with internet access via the 3G system. Again, the 3G service (and the dongle) is provided by the mobile phone company of your choice. This is actually a very straightforward way of getting internet connectivity when away from your router but, again, it can be very expensive and the service can be wobbly. You can use these dongles either on a monthly contract or “pay as you go”. The monthly contract is not going to be much higher than your mortgage repayment. The “pay as you go” sounds great until you discover that it expires if you don’t use it. It’s a bit like buying a tin of ham to keep “for emergencies”, only to find that it’s disappeared from your cupboard because you haven’t eaten it within a month. The words “rip” and “off” come to mind.

There are other combinations and possibilities. A lot of smartphones have the capability of connecting to the internet with 3G and then sharing this connection with (for instance) a laptop computer. This is known as “tethering” and it’s my own chosen method for connecting to the internet when I’m out and about. If you want to do this, though, you must ensure that both your mobile phone and your contract with your mobile provider permit it. Things may have changed now, but I do know that a few years ago T-Mobile (in my own case) expressly forbade tethering in most of their contracts and they even “crippled” the phone’s capability to do it on phones that they themselves provided. I’m not sure, though, if that’s still the case.

Yet another possibility is that if you have Windows 7 you can turn that computer into a Wifi Hotspot so that any internet connection it is receiving can be made available to any device close by. I could capture an internet connection using the 3G of my smartphone, pass that to my (tethered) netbook and then broadcast a WiFi signal that I could pick up on my virtual iPad (so-called because I haven’t got an iPad). So, with all this I could save £100 when buying an iPad because I wouldn’t need the 3G connectivity. The downside, of course, is that by the time I get that all set up and working in Cafe Nero or Costa Coffee, then my coffee will be cold and it’ll be time to leave for my next appointment. Besides that, of course, do I really want to look like a superannuated uber-nerd?

PS: …. and I haven’t even mentioned Mobile Hotspots

© 2011-2017 David Leonard