KRACK WiFi Vulnerability
Security expert identifies new far-reaching WiFi vulnerability
Security experts have identified a serious vulnerability with WPA2 encryption protocol affecting WiFi networks around the world.
The vulnerability, discovered by security researcher Mathy Vanhoef, allows the interception of certain traffic between your devices and the WiFi router. An attacker can use this technique to read information that has, until now, been assumed is safely encrypted. Such an attack could be used to steal sensitive information including credit card details, passwords, emails, photos or anything transmitted across the network.
The vulnerability which affects all modern protected WiFi networks, can also be used to inject and manipulate data, such as ransomware, if the network is configured in a certain way – so businesses now need to take action and ensure their WiFi networks are appropriately secure.
Experts have, however, been quick to outline what lengths any would be attacker would need to go to actually implement the attack and the extent of the information they can obtain. Firstly, this hack can not be used to steal your WiFi password. Additionally, attackers would only be able to intercept traffic across the network when they are within range of your network, NOT from distance – although technically a “zombie” computer near to your network could be used, but this then becomes a far more sophisticated attack and much less likely.
Some quick advice to mitigate risk of attack, Panoptics would suggest…
- Update all the wireless devices, including routers, laptops, mobiles and tablets with the latest security patches
- Contact your ISP and request a security patch for your router
- If the router does not have a patch yet, use ethernet for the time being
- Install the HTTPS Everywhere extension
If you’re concerned about the risks of this vulnerability or would like to discuss fully protecting your business’s WiFi, just get in touch and we’ll be happy to help.