Ensuring all your Wi-Fi enabled devices are up to date on the latest patch should be a priority. This goes for not only your mobile devices such as laptop and smartphone, but also your Internet-of-things(IOT) enabled devices as well.
Wi-Fi Protected Access 2(WPA2) is the current industry standard and widely implemented by most organizations to protect their wireless. Unfortunately, researcher Mathy Vanhoef from a Belgian university KU Leuven, has identified an exploit for WPA2 that makes it a widespread security vulnerability for hackers.
This exploit named KRACK, which stands for Key Reinstallaction Attack, allows hackers to read and steal data that would be otherwise protected. This means a hacker can steal your passwords, credit card information and essentially look at everything you are doing online.
What is creating this vulnerability?
Vanhoef has identified that the vulnerability is in the so-called “four-way handshake” of the WPA2 protocol. KRACK, allows the hacker to tamper with the process and enable them to reinstall a cryptographic key that’s already been used. Every key should be unique and not re-usable to provide security. This allows the hacker to replay and decrypt packets sent between your device and the Wi-Fi access point.
Limitations of KRACK
There are limitations because the hacker needs to be within physical range of the Wi-Fi network. Unfortunately, because of the wide spread use of WPA2 this exploit still remains a high concern.
Most current version of iOS and Windows are vulnerable because of the way Apple and Microsoft have implemented the WPA2 Standard.
The Wi-Fi Alliance recently released a statement that for certification moving forward, “now requires testing for this vulnerability and has provided a vulnerability detection tool for use by any Wi-Fi Alliance members”. This will help keep new devices safe but won’t address the devices currently in the market.
How can I protect myself from KRACK
For now you should be ensuring that you are installing the latest updates for your Wi-Fi enabled devices. This may mean that you will need to reach out to your vendors to find out when patches are coming. Secondly, be wary of connecting to public Wi-Fi channels that you don’t know are 100% secure. Finally, check for the HTTPS encryption when sharing sensitive data on websites.
Secondly, proper network segmentation can provide further security to prevent your business from being completely compromised.
If you are concerned about the security of your network feel free to reach out to us at happier IT. We have created scripts that scan our clients network for machines with the vulnerability and perform device audits. Schedule a demo with us today to learn more about the different services that we provide.