On October 16th, a security expert from Belgian university KU Leuven claimed he discovered serious vulnerabilities in WPA2, the tool used to protect all modern Wi-Fi connections.
This expert was able to break the WPA2 protocol and steal information transmitted across “safe” Wi-Fi connections. This vulnerability, known as KRACK, got the attention of the Wi-Fi Alliance and the National Cyber Security Centre which confirmed the weaknesses.
How does KRACK exploit Wi-Fi networks?
Essentially, hackers can trick your computer or mobile device into using unsafe encryption protocols. This gives them access into all information passing over any Wi-Fi network secured by WPA2, such as credit card numbers, chat messages, photos, emails, and so on.
Worse still, hackers can use this vulnerability to deliver malware and manipulate data on the victim’s computer or mobile devices.
What does this mean for your business?
Because this has nothing to do with an individual product or implementation, any device you have that supports Wi-Fi can be compromised. Android and Linux platforms are considered the most vulnerable, but Windows and macOS aren’t 100% safe either. Routers from Linksys, MediaTek, and other devices have also proven to be vulnerable to some variant of the attack.
What you need to do
The good news is that KRACK is an incredibly complex attack, which means it will take a lot of time before the vulnerability can be exploited for widespread use.
What’s more, there aren’t too many protocols today that rely solely on WPA2 security. For example, if you type your credit card number into a HTTP website (just look at the address in the toolbar), that information is vulnerable to theft. However, if you submit the same information to an HTTPS website, like the PC LAN TECHS site, it is protected by an extra layer of security and cannot be exploited by KRACK.
The attack is also unlikely to affect the security of information sent over networks that are protected by other encrypted connections such as virtual private networks (VPNs) and SSH communications.
Just to be on the safe side, you should apply updates to your software as soon as they’re available since the attack can be patched. Microsoft has already issued a patch to protect users while Apple confirms that iOS11 and macOS High Sierra are secured. Other devices and operating systems should receive a security update soon.
It’s been over a decade since the WPA2 tool was introduced. Needless to say, it might be time for a new system to take its place. But that’s a story for another time.
At PC LAN TECHS, we remain at the forefront of technology to offer even better IT services and support to our clients. We’ve optimized and maintained the technology infrastructure of businesses in Florida for over 16 years. If you have any questions about this security breach, or want to know how secure your IT systems and devices are, give us a call.