Home » krack

Important Customer notification from eir

Customer information on the recent announcement of a Wi-Fi security vulnerability called KRACK.

Other useful information and promotions explained

What is KRACK?

KRACK (short for "Key Reinstallation Attack") is a security vulnerability that affects any Wi-Fi client using the most recent authentication and encryption standards (WPA and WPA2).  It refers a vulnerability that could be used to open up your internet traffic to hackers by forcing a device to repeat sensitive information to identify itself before it can establish an internet connection.

What is Wi-Fi client?

Any device that connects to a Wi-Fi network.

When was it discovered?

Details of the vulnerability were published in October 2017.

Does this vulnerability affect me?

If you use a device that uses Wi-Fi, then possibly.

Do I need to change my Wi-Fi password on the home modem?

Changing the password of your Wi-Fi network will not prevent or mitigate an attack. Consumers should, instead, make sure all their devices are kept up-to-date.

Is my data exposed?

The attack compromises the security of the Wi-Fi connection used by the wireless devices.  Sensitive data (e.g. credit card information) is normally transmitted over secure protocols over the internet, this attack does not remove or compromise this protection. As such, if you are using a website that uses HTTPS (on most browsers you will see a lock symbol beside the address) the information sent or received is still safe.  However, if the data used by a website or service you are using is not transmitted over secure channels, then this attack could allow other malicious users to eavesdrop and get access to any information transmitted or received.

Can the device be compromised or attacked from the Internet?

No, the attacker needs to be physically within range of the Wi-Fi network in order to be able to maliciously access it.  It is not possible to exploit this vulnerability from beyond the range of the device.

How serious is the risk?

The risk is limited by the fact the vulnerability has to be exploited while in proximity of the Wi-Fi device.  However we advise all customers to follow the device manufacturer's recommendation and update the software on their devices when the fix is made available.

Is my eir broadband modem vulnerable?

No, the modem (router) provided by eir for its fixed broadband offerings is not vulnerable to this attack.  While eir’s router is not affected by the security issue, it cannot protect vulnerable devices from it.  In order to be fully protected, you will likely need to update all the devices connecting to your Wi-Fi network.  Device manufacturers are currently working on software updates to fix the vulnerability.

What if I have a Wi-Fi extender?

This issue could also apply to Wi-Fi extenders, please check with the device manufacturer for the latest information on their fix/release schedule.

Which device vendors are affected?

Check with the device manufacturer for the list of devices affected.  Again, eir recommends that all customers switch on automatic updates for their devices and accept the latest update requests when they become available.

Are hackers already exploiting these vulnerabilities?

On Monday 16th October the Wi-Fi Alliance said that 'there is no evidence that the vulnerability has been exploited maliciously'. Check here for the full statement.

Is my eir mobile phone affected?

In relation to mobile handsets, we have been in contact with our device manufacturers; they are aware of this vulnerability and are working on the development and roll-out of a security patch.  When available, this will be deployed to your handset, through standard software updates.  As always, to optimise the performance and security of your mobile handset, we recommend customers update their handsets as soon as new software is made available.

When will my handset be updated?

We are not in a position to confirm as this is determined by the handset manufacturer. A notification will be sent to your handset when new software is available.

Will all handsets receive the update?

This is up to the manufacturer and will depend on whether the handset is impacted and if it is still under support.  For further details, we recommend visiting the manufacturer's own website.

How do I know if my handset is impacted?

The vulnerability impacts handsets using the WPA2/WPA1 Wi-Fi standard, irrespective of the operating system. Check with the manufacturer for details.

I am a eir Business Customer. Does this affect me?

If you are an eir Business Broadband Customer, the above applies to you as well. eir Business will be reviewing individual environments and making recommendations on appropriate patching for all supported devices.