A serious vulnerability, called KRACK, has been found in the security protocol (WPA2) that is used by the majority of wireless networks world-wide. This vulnerability opens up the possibility of potential hackers stealing critical and sensitive data by just being in range of a vulnerable
network.
The attacker within range of a victim can use these weaknesses to read information that was previously assumed to be encrypted and unreadable. Information such as credit card numbers, passwords, chat messages, emails, photos, documents etc are at risk.
Devices that are affected are not just desktop or laptop computers but also smart phones, including Apple devices and Android devices, routers and firewalls and anything that can connect to a wireless network.
The Good News
The good news is that it’s what we call a shallow bug, nearly every device that uses Wi-Fi is vulnerable but the hack is difficult to execute. The hacker would need to be within Wi-Fi range of the network you are connected to, to carry out the ‘hack’. This dramatically reduces the risk that the average person will be targeted but the risk is obviously still there if you’re on a vulnerable network or have a vulnerable device.
What should you do?
- The first thing to do is patch your computer systems.
- Update your iPhone and Android phone with the latest patches.
- Patch your routers and firewalls.
- Investigate what other wireless devices you have and
- speak to the manufacturer of your smart devices and ask what their plans are for remediation.
Other pre-cautions you can take:
- Stay off free wi-fi and use 4G instead.
- Use a paid, secure VPN
You need to be extremely careful with public Wi-Fi
Patching your own device doesn’t guarantee you’re safe if you connect to a public Wi-Fi network that hasn’t been patched. That’s because if you are sending information through the unpatched access point on that Wi-Fi network it can still be looked by people who are connected.
So places like the local coffee shop could have unpatched Wi-Fi networks for a long time to come.
Should I change my password?
It won’t make any difference. KRACK doesn’t need your password to get access.
Who needs to fix it?
Basically the manufacturers of any wireless devices need to issue patches that remediate the threat, however, some manufacturers are notoriously bad at issuing patches so we could see vulnerable Wi-Fi networks and devices for years to come, especially smart devices including tvs, webcams, security cameras, alarm systems etc.
These smart devices rarely receive the necessary software updates to correct issues and because this threat impacts the whole industry rather than being specific to the device it requires a co-ordinated effort to fix it, which will be a long and drawn out affair.
On the positive side:
- Microsoft have already released a security patch.
- Apple will be rolling out a software update in a few weeks.
- Google Mobile will be rolling out a software update in a few weeks.
- Samsung Mobile are still investigating and will roll out patches where needed.
If you need any assistance with your cyber security or you don’t know where to start please call us on 1300 478 738 or email us at info@suretyit.com.au.
