You may have recently heard something about the Wi-Fi standard being broken… what’s that all about? On October 15th, information security researchers disclosed to the world a previously unknown vulnerability in the WPA2 Wi-Fi encryption standard, dubbing it KRACK for “Key Reinstallation Attack”.
What is affected?
KRACK is a “zero-day exploit” (i.e. a previously unknown system flaw) that affects every Wi-Fi-capable device in the world — laptops, routers, smartphones, tablets — and allows for interception of unencrypted data on those devices. The global scale of the KRACK vulnerability is immense and definitely alarming, but it has its limitations and there’s actually no reason to panic. For starters, potential hackers have to be within physical range of a target WPA2 Wi-Fi network in order to carry out an attack. Even better news: HTTPS-secured traffic is immune to the vulnerability.
As for the range of device types affected, KRACK has more profound negative implications for Android 6.0 and Linux devices. Other major device manufacturers are affected, though not as severely — Windows, iOS, and macOS device vulnerabilities are less practical to exploit and patches are forthcoming.
What should you do?
As of right now, not much. It’s important to note that the KRACK researchers are adamant that all Wi-Fi users should continue to operate using the WPA2 encryption standard until KRACK-resistant patches are developed and released by vendors. Microsoft has already deployed a patch and Apple has a patch being tested in beta iOS versions. Unfortunately, not all devices will be patched immediately, with Google promising a patch in the coming weeks for Android phones. Nor will every device definitively be patched, because some manufacturers have discontinued product lines or gone out of business. Internet of Things (IoT) devices, in many cases, will be more difficult to update due to their inherently “closed” nature.
KRACK isn’t a reason to panic, but it is cause for concern. Keep an eye out for device updates in the near future, and keep checking on the timelines for patches. Remember, there’s not a lot you can do right now, and devices that do not receive automatic software and/or firmware updates are your biggest points of weakness.