The blog.

KRACK and your security

Updated 11.01.2017 to reflect the determination that Starry Station is not vulnerable to the suite of known KRACK exploit techniques.

You might have seen headlines over the past week about a flaw in the standard used to secure WiFi networks. It was discovered by a security researcher at KU Leuven in Belgium, and it can be used to exploit the encrypted communication between WiFi routers and devices.

The security protocol used by practically every consumer WiFi router — including Starry Station — is called WPA2, and parts of it were determined to be vulnerable to a type of attack, now known as KRACK (Key Reinstallation Attack). It’s a serious defect, not only because WPA2 was considered the best available encryption for WiFi networks, but also because the flaw was discovered in the standard itself, making the entire universe of WiFi devices potentially vulnerable to exploit.

Fortunately for our customers, we've worked with our wireless chip vendor to determine that Starry Station is not vulnerable to the suite of known KRACK exploits. That said, you should continue to exercise caution when connecting to other private or public WiFi networks.

There are multiple layers of security that protect the important things you do on the internet. Even if an attacker gained access to your network through KRACK techniques, your internet activity is still encrypted by security certificates and HTTPS — indicated by the little lock you see in the address bar on your web browser.

What you can do to stay safe

If you want to take additional steps to keep yourself safe, here’s what you can do:

  1. Apply updates as soon as they’re issued.
    If you have a non-Starry router make sure it and any WiFi-enabled devices on your network are installed with the latest updates. CERT, the Computer Emergency Readiness Team, maintains vulnerability notes and a list of vendor responses to known vulnerabilities like KRACK.

  2. Use secure sites whenever you’re dealing with private data on the internet.
    Almost every reputable banking, shopping, and social networking site uses the HTTPS protocol — just look for the lock icon in your address bar.

  3. Don’t connect to public WiFi networks.
    This is a best practice all the time, really, because there’s no way to know if the public hot spot has up-to-date security, or if someone nearby is intercepting everyone’s network traffic. If it’s necessary to use a public WiFi, be sure to use a VPN or a built-in service such as Google’s Android 8.0 WiFi Assistant.

  4. Use a VPN to encrypt your internet traffic.
    VPN services will secure network traffic from your devices, but you should only choose a trusted VPN, like those reviewed by Tom’s Guide. Keep in mind that you might need to turn it off to use some services like Netflix or the Apple App Store.

  5. Use an Ethernet connection instead of using WiFi.
    KRACK only affects WiFi networks, so you can get around the risk by hard wiring important devices like your computer if you're waiting for other vendors to issue patches.

How Starry is responding

Again, we have determined that Starry Station is not vulnerable to the known suite of KRACK exploits. We will continue to monitor the situation, however, and post updates to our customers if necessary.

Where you can learn more

If you want to dive into the details of the KRACK vulnerability, you can read more at the following resources:

  • KRACK Attacks: Created by the KU Leuven researcher that discovered the vulnerability and his research team. It has a lot of detailed, technical information.

  • CERT WPA Vulnerability Note: Good overview itemizing critical vulnerabilities and a lists of manufacturer responses.

  • Best VPN Services & Apps of 2017: The Tom’s Guide ratings and reviews of VPN services that can help keep you safe on the internet.