GOLDEN VALLEY, Minn. - If you use WiFi on your phone, computer or any other device, there is a newly discovered KRACK in your security.
"Key Reuse Attack is the 'KRACK' terminology," said Mike Johnson, Director of Graduate Studies at the University of Minnesota's Technological Leadership Institute. "It's a weakness in the WiFi protocol that's used everywhere, to secure nearly every wireless network."
The recently discovered KRACK vulnerability gives hackers a chance to unlock encrypted, potentially sensitive data typically secured by a wireless router, and they don't need a password to do it.
"It's a very big scope. Every single device that is WiFi enabled is potentially impacted," Johnson said.
The good news is there are not yet any documented cases of hackers exploiting the problem, and in this case location matters.
"It's not something you can use from another country," Johnson said. "It's not your typical cyber attack from a dark corner of eastern Europe. You actually have to physically be close to the devices."
That means an isolated home network is likely safer than a router in an apartment, coffee shop or other places with access to several users or networks.
"Be extra careful of where you connect," Johnson said.
You should also be careful what sites you connect to. Most banks and other companies that have an "https" address will still keep your information encrypted.
"That will mitigate this risk because that's from your device to the website and anything in the middle will be unable to decrypt that traffic," Johnson said.
Manufacturers of routers and devices have started to roll out patches that will permanently fix the problem, but many are still a couple weeks out.
And once the patches are available, you need to remember to update your devices, including your router's firewall.
"It's not the easiest thing to do, but once you've done it once it's not hard to repeat," Johnson said.