WiFi Vulnerability – KRACK Security Risk
This week we have learned about a WiFi vulnerability called KRACK (Key Reinstallation Attack) – a security flaw in one the most commonly used protocols (WPA2), which could allow someone to break the encryption between a router and a device, allowing them to intercept and interfere with network traffic.
Security researcher Mathy Vanhoef publicly disclosed a serious vulnerability in this encryption protocol that affects all devices that use WiFi.
Minerva are applying patches (as they are released by the manufacturers) to routers and wireless access points for all our customers that have Network Support and require such updates to be applied. Generally however, as a rule it’s your devices that need patching; laptops, phones etc..
What else can I do?
1) Firstly, if you do not have a Network Support contract with Minerva, you should find out if your routers and WiFi access points require an update – you can do this by contacting either the manufacturer or your existing support provider.
2) You should, apply updates to all your devices:
Microsoft has already issued a security patch for Windows 7, Windows 8, Windows 8.1 and Windows 10. All your staff should make sure that there are no pending Windows updates showing in the update notification area. If there are pending updates, these should be applied, particularly on devices which use WiFi.
Apple also has a patch which is being prepared. Unfortunately, the company is going to wait until the next big release to share the fix. Although the fix for this KRACK vulnerability can be fixed by downloading the beta versions of macOS, iOS, tvOS and watchOS; we would recommend some caution on doing this. Apple is hoping to release macOS 10.11.1 and iOS 11.1 in the coming weeks with other bug fixes.
Devices running Android 6.0 and later are more vulnerable than other devices. Google said that the November 6th patch would fix the issue. Google’s own devices will receive the update instantly, but it’s going to take some time before device manufacturers and carriers approve the update. In fact, it could take weeks or months.
The KRACK vulnerability is another example that proves that you should install security updates, where possible, as soon as they’re available. Turn on auto-updates on your devices and click yes if your device prompts you about a patch.
3) Do not connect your wireless devices to an unknown WiFi network, as if it has not been patched, anyone can access your unencrypted internet traffic and collect your personal data.
You should check through your previous WiFi network list on your device (that shows all networks you have previously connected to) and remove/forget any networks which do not have the padlock symbol next to them (i.e. are not secured).
4) Review your network security. If you have any concerns about your network security, you can contact Minerva on 01707 607100 to discuss measures that can be put in place to protect your business.