The attack cannot be carried out remotely, an attacker would have to be in range of a Wi-Fi network to carry it out. It would also not work on secured websites – those that use https at the start of their web address instead of http.
Prof Woodward said that the only way to fix the flaw would be to manually replace or patch every router in people’s homes. He said that while the attack was not technically easy, tools would soon spring up allowing criminals to carry out the attack.
Krack attack | What to do about it
First things first: make sure you have a password on your Wi-Fi network. If you don’t, you’re at risk of all kinds of attacks.
If possible, try not to connect to unsecured Wi-Fi networks – these are often seen in hotels, coffee shops and other public spaces. You can tell if a network is secure by a little padlock next to it when you’re selecting the network.
The Krack attack affects secure networks, relying on a flaw in the “handshake” between device and router to insert a new “key” that can decrypt communications, potentially stealing passwords and credit card data
Most banking and online shopping websites use https, an encryption technique that protects you from this flaw. You can check by the little padlock in the top left of the screen by the address bar
The best thing you can do is update your router. Check who makes your router and try their website to find out how to patch it. Updates may not yet be available.
Security experts say that in the meantime, if you’re really concerned you should use a “virtual private network” (VPN) such as NordVPN or TunnelBear.