Researchers have discovered a key flaw in the WPA2 WiFi encryption protocol that could allow attackers to intercept credit card numbers, passwords, photos and other sensitive information. The flaws, dubbed “Key Reinstallation Attacks,” or “Krack Attacks,” are in the WiFi standard itself and not in specific products.
This means the attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.
Attackers are able to wiretap the connections to your WiFi router and gain access to the data being transmitted. Under special circumstances they are also able to manipulate or forge network traffic.
Android and Linux users are in an especially bad position, as KRACK is highly effective against devices running those operating systems, according to Vanhoef, who discovered the flaw. Some have even suggested that Android users turn Wi-Fi off until the issue is patched, but we believe this is not necessary as long as you are aware of the issue.
However, for attackers to access a WiFi network or device, they need to be in close proximity.
The vast majority of devices are affected. According to a statement by the Wi-Fi Alliance: “This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users.”
The US Computer Emergency Response Team released a list of the vendors that have been informed about the issue and their responses. Microsoft, for example, has already patched the issue, and if you have installed the latest updates your computer will be protected.
How to stay safe
- Check for and install all security updates (patches) that have been or will be released for every device you own that uses WiFi (e.g. phone, computer, WiFi router, printer)
- Access sensitive information only via dedicated encrypted connections, e.g. HTTPS or a virtual private network (VPN)
- Avoid using public or unknown WiFi networks; use your mobile data if possible
If you need any help updating your devices or mitigating the risk for your company and staff, please don’t hesitate to get in touch.