Security Alert: WiFi vulnerability
This month researchers revealed details of a new exploit called KRACK, which impacts WPA2, a security protocol used by many WiFi connections.
KRACK stands for Key Reinstallation AttaCK.
Mathy Vanhoef, who discovered the vulnerability, said: “Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks…” Source.
What could this mean for me?
If your device supports WiFi then it is most likely affected. Android, Linux, Apple, Windows, OpenBSD, MediaTek and Linksys have all been found to be vulnerable to this kind of attack. Device-wise, this means all hardware connected to the internet in your home or office is affected.
Do not panic and disconnect everything from the WiFi, though. This vulnerability is something to be aware of and to take measures to mitigate the impact of; however, there is currently no evidence that the vulnerability has been taken advantage of.
How can I protect my business?
With regard to preventing an attack, Vanhoef has said: “To prevent the attack, users must update affected products as soon as security updates become available.”
The benefit of the vulnerability being publicised and impacting such a broad spectrum of devices is that updates are already rolling out, and some of your devices will already have been patched.
What does this mean for the future of WiFi?
There does seem to be agreement that the WiFi standard should be updated to prevent vulnerabilities like this. That said, there are no plans to update the WiFi standard at this time, and the best way to protect your business (and yourself) is to make sure any device updates are carried out.