Robocalls are currently the number 1 consumer
complaint to the FCC. In the month of June alone Americans received over
4.4 billion robocalls. The FCC, all of the major phone carriers, along with
other industry professionals specializing in robocall blocking technology have
been working diligently on solutions to these increasingly annoying and
dangerous scam calls. Their most recent tool in the battle? SHAKEN/STIR.
What is SHAKEN/STIR?
Ok, this is quite a name – SHAKEN/STIR stands for
Signature-based Handling of Asserted information using toKENs and the Secure
Telephone Identity Revisited.
Basically SHAKEN/STIR verifies calls that are coming to
your phone and tracks where the call is originating, identifying potential
scammers. The system will use a small symbol or logo to let you know that
the person calling you is, indeed, authentic. While call verification won’t
block annoying robocalls from reaching your phone, it does give you more
information about the caller before you answer the call.
How does that help?
Robocallers have mainly turned to “neighborhood spoofing”
(or replicating a number within your area code that looks familiar to you) so
there’s a much better chance of you picking up the phone. However, once you
pick up the phone, they know your line is active and, therefore, you are likely
to get more calls. SHAKEN/STIR gives you the ability to quickly figure out
whether the call is coming from a real person or a robocaller.
When will roll out and where?
The FCC expects providers to have the SHAKEN/STIR standard
implemented by the end of 2019. The FCC has mandated all of the major phone
carriers uphold this new standard – not only verify the calls within their
network but also the calls coming from other networks.
Upon launch, SHAKEN/STIR will only work in the U.S. Even
though a lot of robocall scams do come from outside the country, most illegal
telemarketing originates from the United States.
Keep in mind that SHAKEN/STIR requires modern phone
systems (such as 4G) to work, so older landlines will not have the new protections.
You may already be noticing the rollout of SHAKEN/STIR
and as the year comes to a close you will see more and more. Do you think that
SHAKEN/STIR will help or not?
Some days, you cannot pick up the phone without running
into yet another fraudster demanding money. Maybe it’s not a bad idea to
just avoid unknown callers. The con artists keep calling hot spots, after all,
where people keep answering the phone. Americans were blasted by 3.36
billion robocalls in April — up 6.5% from a record set in March, according to
the YouMail Robocall Index, a provider of voicemail and call blocking
services. It amounted to about 1,297 robocalls every second.
Most of those calls were from debt collectors, according
to YouMail. But robocalls are being sent by fraudsters to make it look like the
call is coming directly from the Internal Revenue Service, the FBI, your
electric company, a bank or Microsoft.
Some firm use “neighborhood spoofing”
technology to make it seem like calls were from local area codes, even using
the first three numbers of the recipient’s own phone number to encourage people
to answer robocalls, according to the FCC.
The robocall revolt is building.
Democratic lawmakers in Washington have introduced
various bills to stop robocalls, automated calls that use a computerized system
to deliver recorded messages to cell phones and landlines. One bill, called the
Stopping Bad Robocalls Act, would strengthen the Telephone Consumer Protection
Act and help the Federal Communications Commission more take action against
“Robocalls are a great annoyance for American
families, especially American seniors,” said U.S. Rep. Debbie Dingell,
D-Mich., in opening remarks at a robocalls hearing before the Digital Commerce
and Consumer Protection subcommittee. “One-third of calls are now
unwanted robocalls,” she said.
Unwanted calls — including illegal robocalls used by
criminals pretending to be from the IRS and elsewhere, spoofed calls and
telemarketing — are a major source of complaints for regulators. The Federal
Trade Commission estimated that fraud from unwanted calls costs consumers about
$9.5 billion annually. In fiscal 2017, the FTC received more than 4.5 million
complaints regarding robocalls and nearly another 2.6 million complaints about
Consumers can report unwanted calls at
Here’s what to watch out for now:
1.) FAKE CALL FROM A “NEIGHBOR”
You’re always inclined to pick up the phone when you can
see the call is from your own area code even if you don’t recognize the entire
number. But scammers increasingly know how to manipulate caller identification
information to make it seem that the call is from a local area code — even
though the con artists might be operating in another state or overseas. “Scammers
use such spoofing to increase the likelihood that consumers pick up the phone
and to increase the consumer’s trust in the call,” according to a warning
from the Federal Communications Commission.
2.) FAKE UTILITY BILL COLLECTOR
Fraudsters aren’t just calling to demand money for unpaid
tax bills. Some scams have morphed into attempts to con people into handing
over money for fake utility bills, too.
The phony utility collection calls are rampant across the
country, but typically don’t start out with a robocall. It starts out with a
real person and they call and say, “We’re going to shut off your lights in two
hours unless you pay this money.” Then the robocalls begin.
In addition to collection calls, consumers are getting
hit with other utility-related robocalls. About 19 million such utility-scam
calls were made in March relating to a pitch involving “save money — need
your info,” according to YouMail. One scam: A robocall may suggest a
program that can pay your utility bills at a discount if you wire money
elsewhere first, instead of paying your utility directly… which is obviously, a
3.) FAKE IRS BILL
Crooks are now using telephone numbers that are spoofed
to look like they’re from the IRS Taxpayer Assistance Centers to trick
taxpayers into paying nonexistent bills, according to the Internal Revenue
Service. Scam artists have programmed their computers to display the TAC
phone number to appear on the taxpayer’s Caller ID. When a taxpayer
questions whether the call is real, the con artist directs the taxpayer to the
IRS.gov site to “confirm” that the call is from a legitimate number
for a local TAC office.
After the taxpayer has “verified” the call
number, the fraudsters resume their demands for money — typically on a prepaid
card or a gift card.
The use of a prepaid card or a gift card enables a
fraudster to practically immediately transfer money from the card purchased by
the consumer onto another card held by the crooks. Think of it like
transferring two or three Starbucks gift cards onto your Starbucks gold rewards
More than 43 million robocalls were made in March alone
relating to IRS-related scams — nearly doubling from February, according to
YouMail’s research. Regardless of how authentic the caller ID might look,
the IRS warns that taxpayers should never fall for unreasonable demands. If
the contact from the IRS is threatening in any way, demanding immediate
payment, and demanding payment by a particular method – it’s not the IRS.
4.) FAKE 0% CREDIT CARD OFFER
Nearly 123 million robocalls were made in March with a
promise to get your credit card rates down to 0%. It was the most frequent scam
robocall in March, according to YouMail’s research. Sometimes, you’ll hear
from “Heather in Account Services” or maybe someone from “Card Member
In some scams, you might be asked for an up-front fee to
get the ball rolling on those lower rates. In another twist, scammers promising
a low rate might ask you to read off your credit card number first to them over
the phone to verify the card.
Don’t pay the fee or hand over your credit card
information to strangers.
Amendments to the FTC’s Telemarketing Sales Rule prohibit
companies that sell relief services like these rate reduction scams on the
phone from charging a fee before they settle or reduce your debt.
A better bet? Call the credit card company directly to
request a reduced rate.
5.) FAKE MONEY-MAKING GUARANTEE
One word can make a questionable investment seem less
suspect — guarantee. But the Financial Industry Regulatory Authority, or FINRA,
warns that impostors have been posing as securities regulators and offering
ironclad investment guarantees in a phony pitch to buy up virtually worthless
shares of stock.
Scammers often send investors “official-looking
documents, complete with logos and seals” as part of the ploy to make
their stock buyback pitch look more legitimate. In some cases, the con
artists want personal information that can be used for ID theft. Or they might
ask for an advance fee to handle the sale of some stock. Once you send the
money, you never see it — or any of the money promised from the stock buyback again.
FINRA has a toll-free number for senior investors who
have concerns about their brokers and investments, as well as questions about
potential scams. The hotline: 844-574-3577. The phone is staffed from 9 a.m. to
5 p.m. ET on weekdays.
Remember, con artists are able to share lists of names
and phone numbers, as well as some financial holdings of potential victims. So
they might be able to sound legitimate. The financial fraudsters are more
than willing to make repeated phone calls, too.
Hang up. Do not engage. Do not respond.
The risk of being scammed goes up when you answer some of
we celebrate eight incredible and wonderful years as your TeCHS we can’t help
but look back at everyone and everything that has helped us, guided us, taught
us, hired us, partnered with us, and shared with us. We truly appreciate
everything our amazing vendors, clients, partners and customers have done for
us – thank you for your referrals and for your business. We truly
appreciate you and we look forward to continue serving your technology needs.
you know that TeCHS used to be called Leader Creative Services? Leader Creative
Services was started and run by Kim alone back in 2003 and only offered graphic
design services. Then we (Kim and Seth) started dating and married… on our
honeymoon we decided to team up in business as well and on June 03, 2011
we decided to change the name of the business to better reflect all of the
technical solutions we will offer all of Ventura County together. Thus TeCHS
and Kim, your TeCHS, are proud Ventura natives with well over 30 years of
combined tech-y knowledge and know how. We strive to keep everyone’s digital
life running smoothly and to keep business and money in our beautiful and
wonderful county! From the home user to local business needs – we provide
affordable, fast, friendly, professional and reliable services for everything
from your toaster to your website!
repair, virus removal, TV wall mounting, tech tutoring, graphic design,
web design, and so much more.
can’t wait to see what the next year will bring!
Many of you have most likely seen the above graphic on social media… but is it true?
This is one of the very rare times that I can say that something like this swirling around social media is sort of actually true! There is, however, a catch.
The Bluetooth sensor in a mobile phone is a potentially useful way to detect and lower the risk of exposure to some common kinds of credit card skimmers… BUT your mobile phone’s Bluetooth sensor won’t detect all kinds of credit card skimmers (the older ones do not use Bluetooth technology) and your phone is prone to false negatives and false positives.
So, if you are at all wary you can give it a try… or simply chose not to use the credit card machine at all.
“Hello! Please don’t hang up… did you know that you could
save a bundle on…?”
4. Use the Best Apps to Block Robocalls
Another way to stop nuisance calls on your smartphone is
via call–blocking apps. These apps can identify who is calling you and
block unwanted calls that show up on a crowd-sourced spam and robocaller list.
Here are the top call blocking apps:
Nomorobo is an iOS and Android app that offers real–time
protection from a growing list of robocallers, telemarketers and phone
scammers. Nomorobo lets the phone ring once, then tries to identify the caller.
If the number is on the app’s robocaller list, the app will automatically block
the call for you.
Nomorobo is free to use for 30 days, and then it costs
$1.99 per month or $19.99 for an entire year. To sign up, you will need to
provide Nomorobo with information. List the type of phone you have – wireless
or landline – and select your carrier. Note: Not all major cell carriers support
The Truecaller app for iOS and Android lets you
find out who’s behind that unknown number. Copy and paste the number into the
app’s search bar. Truecaller will search the unknown number to find out who it
is. With a community-based spam list from over 250 million users, it’s a great
resource to avoid answering an unwanted robocall. Another great feature of
Truecaller is its ability to block spam calls. When a pesky telemarketer calls,
there will be a big warning in red, telling you that it’s a spam call. Just
swipe up when this happens to automatically block that caller and add them to
the spam list. The Truecaller app is free for both download and use. However,
there is a professional version that can be bought as an in-app purchase for
$1.99 per month.
Hiya – Caller ID & Block
The Hiya – Caller ID & Block app is perfect for
identifying calls that you want to accept and blocking calls and texts you want
to avoid. The Hiya app is available for free on both Apple and Android gadgets
with no ads, and it is simple to use. If you had to choose one, this is the
best choice, in my opinion. It allows you to block calls, blacklist unwanted
phone numbers and text messages, reverse phone search incoming call information
and receive spam alerts. The app is powered by a database of hundreds of
millions of phone numbers confirmed to be spam by other users.
Call Control – Call Blocker
The Call Control – Call Blocker app automatically blocks
spam calls and calls from other numbers you don’t want to hear from. You can
block entire area codes (like 888) if you’re getting tons of calls you don’t
want from a particular location. The Call Control app is free and available for
both Apple and Android gadgets. Worried about missing out on important calls?
Call Control gives you your own personal Whitelist and Contacts Protection to
make sure people you know get through. The app’s users actively report their
spammers so its catalog is always up to date. Call Control will
automatically block active spammers, and the reverse lookup allows you to track
them to their source. You can add numbers to the Community Blacklist and choose
to block specific numbers that won’t leave you alone.
5. Some Phones Block Robocalls Automatically
Did you know that some smartphones already have built–in
spam and robocall protection in place? Samsung’s flagship Galaxy and Note
smartphones have a native feature called Smart Call that automatically screens
and flags suspicious numbers. Google’s Android smartphones like the Pixels and
the old Nexus and Android One have built-in spam call protection. With this
feature, users with Caller ID enabled will get a warning if a suspected spam
call or robocall is received. Aside from ignoring the call, the user has the
option to either block the number or whitelist it if the spam flagging is
deemed an error. Any blocked number can be unblocked at any time. An option to
report the call to Google is available.
6. Block Individual Phone Numbers
Here’s a feature that’s available on any iPhone and
Android – the ability to block specific numbers. Although this cannot possibly
stop every robocall and spammer number, you can at least block the recurring
On an iPhone, open your Phone app, go to your Recents
tab, then tap the circular information icon on the right side of the number you
want to block. On the next page, tap “Block this Caller” to put the
number on your block list.
On Android, you can likewise open your Phone app,
navigate to the Recents section, do a long press on the suspicious number then
select “Block/report spam.” (This may vary, depending on the
manufacturer and model of your Android phone.)
7. Set Your Phone on Do Not Disturb
To block every number except your most trusted contacts
or favorites, you can turn on your iPhone or Android phone’s built-in Do Not
Disturb Mode. It’s an extreme solution but it will definitely stop all unwanted
calls, including robocalls, telemarketing calls and spam calls.
Keep in mind that you will undoubtedly miss some
legitimate calls when this mode is on, but unknown callers will always have the
option to leave a voice message. You can add any number to your contacts list
to let them through in the future.
To customize your Do Not Disturb preferences on an
iPhone, go to Settings >> Do Not Disturb. Here, you can turn the
mode on, set a Do Not Disturb schedule and set your allowed calls to either all
your saved contacts or just your Favorites list. To quickly activate Do Not
Disturb, go to your iPhone’s Control Center (swipe down from the upper-right
corner on iPhone X, swipe up from the bottom for other iPhones) and toggle the
Do Not Disturb switch (the icon looks like a moon).
On Android, go to Settings >> Sound (or Sound &
Notification in other phones) >> then Tap Do Not Disturb to customize
your Do Not Disturb settings. To activate Do Not Disturb, simply swipe down
from the top of your display to access the Quick Menu then tap the Do Not
Disturb icon to turn it on. (This may vary, depending on the manufacturer and
model of your Android phone.)
8. Common Sense Prevails
This is the simplest solution, and many people try this
low–tech approach to robocalls. If you receive a call from an unknown number or
one that doesn’t show up on caller ID, don’t answer. If it’s an important call,
the person will leave a message and you can get back to them. Millions of
people are unencumbered by robocalls, and they don’t give these pests a second
thought. But be advised: If you answer the phone and the caller (often a
recording) asks you to hit a button to stop receiving calls, just hang up.
Scammers often use these tricks to identify and target live respondents. Once
they know the number is active, you may receive more calls in the future.
Need assistance? Contact TeCHS! We are happy to help with
any tech need. (800) 669-2022 | www.ezdigitallife.com
“Hello! Please don’t hang up… did you know that you could save a bundle on…?”
UGH… It’s a robocall, another automated telemarketer.
Nowadays, robocalls make up roughly 50 percent of all phone calls. In 2018 alone, robocallers spammed us with 26.3 billion calls. And it’s only going to get worse: Robocalls are going to become more constant in coming years.
You want to yell into the phone: “Don’t call me again! I don’t care who you are! Just go away!” Your words would fall on deaf ears though since there is no one on the other end… and if you breathe even one single word, your voice may be recorded for future use. Fun.
Luckily, you have a whole arsenal of smartphone tools at your disposal. You can block numbers, turn on Do Not Disturb mode, use your carrier’s tools, or use third–party apps to (mostly) end this telephonic pestilence.
Here are a few tips for minimizing, or eradicating those unwanted calls
Reject Anonymous Calls Automatically
Many robocalls come up as “anonymous” on your caller ID, while most businesses and human beings come up as identifiable phone numbers. Chances are, you could terminate all anonymous calls without missing anything important. Depending on your service, you may have access to Anonymous Call Rejection. Enter the magic number *77, and you will hear three beeps. Hang up, and any call that hides its number will be rejected. This service varies by carrier, and some carriers charge extra. But it’s a helpful tool for scammers or robocallers who slip through the Do Not Call Registry.
Join the National Do Not Call Registry List
Millions rejoiced when the FTC created the National Do Not Call Registry – and in a perfect world, signing up would stop telemarketers from calling you. Technically, it’s illegal for telemarketers to call you if you are on this list. But the world isn’t perfect. Scammers don’t follow the rules, nor do they care about this list. It’s still smart to register your number as an added layer of protection against unwanted calls. Just go to the website donotcall.gov and enter the landline or cellphone number you want on the list. You can also call 1-888-382-1222 from any phone you want on the list. That’s all it takes, and your number stays on the list until you ask for it to be removed or you give up the number. Once you sign up, the Do Not Call list takes you off for-profit business call lists, but it isn’t immediate.
Telemarketers update their listings only periodically, so the FTC says it can take up to 31 days. Also, political organizations, charities and survey takers are still permitted to call you. Businesses you’ve bought something from or made a payment to in the last 18 months have a right to call. When they call, however, firmly tell them to take you off their list and they have to honor your request, although they might still try to talk you into reconsidering.
Use Carrier Tools to Block Unwanted Calls
The four major carriers have tools to identify, filter and prevent suspected nuisance numbers from calling or texting your phone. Most require an extra monthly fee to activate the caller ID service, but network-level blocking is free of charge across all the carriers.
AT&T subscribers can use a free iOS and Android app called AT&T Call Protect. It has automatic fraud blocking and suspected spam warnings. You can manually block unwanted calls.
Verizon recently announced a free call-blocking service that debuts in March. Verizon previously offered a “Caller Filter” service for $2.99 per month per line. Verizon also has identified 300 million spam and scam phone numbers that it will block through free spam alerting and call-blocking tools also coming in March.
T-Mobile provides two free ways to combat robocallers and spam calls. First is Scam ID, an automatic system that identifies spam numbers when your phone rings. T-Mobile automatically does this on its network, and there’s no app to install or service to turn on. The second free method is Scam Block. Unlike Scam ID, which simply identifies known spam numbers, Scam Block gives you an option to block those numbers. To turn this on, dial #662# on your T-Mobile handset. To turn it off, dial #632#. Similar to Verizon’s Caller Name ID, T-Mobile has its own paid “Name ID” service, which identifies and provides caller information like the name, location and type of organization. You can block them as needed. This is included in T-Mobile ONE Plus plans. For other T-Mobile plans, it costs $4 a month per line.
Sprint customers can sign up for its “Premium Caller ID” service to protect themselves from robocalls and caller ID spoofers. This service is $2.99 a month, and it provides a threat level indicator to give customers an idea of how suspicious a call is. It does this by flagging calls with real-time data trends gathered across the U.S. This service doesn’t automatically block known spam calls. Based on the threat level, you can choose to answer the call, block the number or report it to prevent future calls.
TO BE CONTINUED NEXT MONTH… with Apps to block scammers and other tricks already built into your cell phone.
Need assistance? Contact TeCHS! We are happy to help with any tech need. (800) 669-2022 | www.ezdigitallife.com
We get this question a lot so I thought we should re-post this blog…
Your Wi-Fi signal strength begins to drop the farther away from the router you are. If your router is in the front of your house and your bedroom is in the back, you may be accustomed to slow internet speeds. The severity of the slow-down depends on quite a few things: your home’s construction, your router’s location, what router you are using, your internet provider, etc. Regardless of the other issues, where you put your router really can make a big difference.
Keep it central
Location, location, location! Location is key. Try to find the most central place in your home for your router. It is worth buying some longer cables and running the wire to the most central location that you can in your home. Consider even mounting the router on a wall or in a corner by the ceiling if you have two floors (radio waves generally spread out and towards the ground, not up). Think about putting your router on the second floor if you have one. Router antennas broadcast in all directions, so if you place your router next to a wall adjacent to your neighbor’s apartment, they’re getting that slice of your signal.
Avoid impenetrable obstructions
Radio waves certainly travel through walls, but the thicker the wall, the weaker the signal will be on the other side. If your home is fortified with brick or concrete walls, the signal is going to be absorbed by the wall and lose significant strength when traveling through it. Same goes for water, like a big fish tank, which can cause a lot of resistance for your signal. Metal and mirrors are also your enemy because those materials actually reflect radio waves, so putting the router behind a TV or in a bathroom is ill advised.
Avoid the kitchen
When it comes to battling any potential buffering of your Wi-Fi signal, the microwave is not your friend. Microwaves and WiFi routers operate using the same frequency. Additionally, metal objects will absorb a signal, and with a metal fridge, stove, and other kitchen appliances. It’s best to just keep the router out of the kitchen.
Play with the antenna
All the magic happens with the antenna. It’s the part of the router that’s broadcasting and receiving your WiFi connection. Antennas usually can move side to side or sometimes pivot full-circle in their socket. Play around with directing the antennas to increase the signal strength.
Last tip: ALWAYS password protect your WiFi.
For more information, or for assistance with your WiFi, contact TeCHS!
We are fast, affordable, and friendly. Serving all of Ventura County.
As we start a whole new year – make sure that you keep your information, identity, and computer safe from criminals.
How can I keep my information safe in 2019?
Keep your computer’s spyware and antivirus software up to date and scan your computer regularly.
Make sure you have firewalls up and running at all times. Whether it’s the built-in Windows firewall, your router’s firewall or a 3rd party firewall software; or all of them in combination if you really want to make sure they are working.
Don’t share your passwords, credit card numbers, social security numbers or any other pertinent information with anyone.
Don’t write your passwords down anywhere someone could stumble upon them. It’s best if you don’t keep written records of your passwords, but with the amount of passwords people need now, it’s getting a bit more complicated to keep track of them all without writing them down.
Always be wary of emails asking for your personal or financial information. Don’t click on links or open emails that seem suspicious to you at all. Even one simple click can open your computer up to a criminal – installing malicious software and stealing your information. Never click on links in emails or links on web sites that you don’t know or don’t trust. If you get an email from “your bank” saying you need to log into your account right away for any reason, but you aren’t sure the email is actually coming from your bank then don’t click on any links in that email. Open a new internet browser, type in the URL yourself and then log in to your account and make sure everything is as it should be. If a link doesn’t feel right, don’t click it.
Keep an eye on your assets and your credit and check on everything on a regular basis. Make sure to report any odd or suspicious activity immediately. Switch over to paperless billing and statements. Pretty much everyone now-a-days offers paperless statements… banks, credit cards, house-hold billing companies. Having them all delivered to your email inbox instead of your physical address saves paper, postage and also eliminates the possibility of someone stealing your mail.
Never write your full account numbers on your checks when you pay your bills, especially when paying credit card bills, just write in the last four digits of your account number.
Always shred documents you do not need, don’t just throw them in the trash. Criminals do sift through your trash looking for pertinent documents.
Don’t broadcast that you are leaving town, or that you are out of town, on social networking sites. That is sort of like putting up a flashing neon sign over your house that says “no one is home and no one will be home for a while, so come on in and take what you want.” Wait until you return home from your trip to talk about it.
Worried something is amiss:
Immediately file a fraud alert on your credit report by calling Equifax (888-766-0008), TransUnion (800-680-7289) or Experian (888-397-3742). After you have filed your reports, make sure that you directly call the issuers of any credit cards that you feel may have been affected.
Contact TeCHS! We can do a thorough check of your computer to make sure that you are free of viruses, malware, or spyware that could be sending your information to criminals.
As we celebrate seven incredible and wonderful years as TeCHS we can’t help but look back at everyone and everything that has helped us, guided us, taught us, hired us, partnered with us, and shared with us. We truly appreciate everything our amazing vendors, clients, partners and customers have done for us – thank you for your referrals and for your business. We truly appreciate you and we look forward to continue serving your technology needs.
Did you know that TeCHS used to be called Leader Creative Services? Leader Creative Services was started and run by Kim alone back in 2003 and only offered graphic design services. Then we (Kim and Seth) started dating and married… on our honeymoon we decided to team up in business as well and on June 03, 2011 we decided to change the name of the business to better reflect all of the technical solutions we will offer all of Ventura County together. Thus TeCHS was born!
Seth and Kim, your TeCHS, are proud Ventura natives with well over 30 years of combined tech-y knowledge and know how. We strive to keep everyone’s digital life running smoothly and to keep business and money in our beautiful and wonderful county! From the home user to local business needs – we provide affordable, fast, friendly, professional and reliable services for everything from your toaster to your website!
We can’t wait to see what the next year will bring!
A devastating flaw in Wi-Fi’s WPA security protocol makes it possible for attackers to eavesdrop on your data when you connect to Wi-Fi. Dubbed KRACK, the issue affects the Wi-Fi protocol itself—not specific products or implementations—and works against all modern protected Wi-Fi networks. Which means that if your device uses Wi-Fi, KRACK likely impacts it.
Read on for what you need to know about the KRACK Wi-Fi vulnerability, from how it works to how to best protect yourself against it.
How does KRACK break Wi-Fi security?
KRACK (short for Key Reinstallation AttaCK) targets the third step in a four-way authentication “handshake” performed when your Wi-Fi client device attempts to connect to a protected Wi-Fi network. The encryption key can be resent multiple times during step three, and if attackers collect and replay those retransmissions in particular ways, Wi-Fi security encryption can be broken.
What devices are affected by KRACK?
If your device uses Wi-Fi, it’s likely vulnerable to the KRACK Wi-Fi security flaw to some degree, though some get it worse than others.
What happens when Wi-Fi security is broken?
For starters, the attacker can eavesdrop on all traffic you send over the network. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.
How to protect yourself from KRACK’s Wi-Fi flaw
Keep your devices up to date! Given the potential reach of KRACK, expect new patches to come quickly from major hardware and operating system vendors. Microsoft says a security patch is already incoming for Windows PCs.
Until those updates appear, consumers can still take steps to safeguard against KRACK. The easiest thing would be to simply use a wired ethernet connection, or stick to your cellular connection on a phone. That’s not always possible though.
If you need to use a public Wi-Fi hotspot—even one that’s password protected—stick to websites that use HTTPS encryption. Secure websites are still secure even with Wi-Fi security broken. The URLs of encrypted websites will start with “HTTPS,” while unsecured websites are prefaced by “HTTP.”
And again, keep your security software up to date to protect against potential code injected malware.
Device and router Wi-Fi security FAQ
Is my phone at risk?
KRACK is a different sort of attack than previous exploits, in that it doesn’t go after devices, it goes after the information you use them to send. So while the data stored on your phone is safe from hacking, whenever you use it to send a credit card number, password, email, or message over Wi-Fi, that data could be stolen.
So my router is vulnerable?
That’s closer, but still not totally accurate. It’s not the device that’s at risk, it’s the information, so the sites you visit that aren’t HTTPS are most vulnerable.
Oh, so I should change my Wi-Fi password then?
Well, you can, but it’s not going to stop the likelihood of attack. The exploit targets information that should have been encrypted by your router, so the attacker doesn’t need to crack your password to implement it. In fact, it has no bearing on the attack whatsoever.
So all devices are at risk?
Now you’re getting it. However, while any device that sends and receives data over Wi-Fi is at risk, the researchers who uncovered the attack said Android devices were more at risk than other mobile phones.
Great, I have an Android phone. But I’m running Nougat so I’m safe, right?
Unfortunately, no. Newer phones running Android 6.0 or later are actually more at risk since there is an existing vulnerability in the code that compounds the issue and makes it easier to “intercept and manipulate traffic.”
So is my iPhone safe?
Safer than Android, but still not entirely safe.
What about my Mac?
The researchers who found the bug initially had a harder time cracking macOS, but subsequent attacks were easier to implement.
And Windows PCs too?
Yup, same deal, but Microsoft said in a statement that it has a security update to address this issue is incoming.
I run Linux. I’m impenetrable to attack, right?
Not quite. Researchers actually found that Linux machines were the most vulnerable desktop devices, with a similar bug to the one found in the Android code.
So should I turn off Wi-Fi?
That’s probably not a viable option for most people, but if you’re completely panic-stricken, then the only way to be completely safe is to avoid using Wi-Fi until you know your router has been patched.
OK, I’m not doing that. What else can I do?
Right now, all you can do is wait. Google has already confirmed that it is aware of the issue and will be distributing a patch, and Apple and Microsoft will presumably do the same, as well as Linux purveyors. So keep checking for updates and install them when they arrive.