KRACK attack on Wi-Fi Security

KRACK Attack Breaks Wi-Fi Security

Cyber Security Risk to You

KRACK, a recently discovered flaw in Wi-Fi security, allows hackers to eavesdrop on and capture your private communications. This includes capturing your passwords, credit card numbers, and other sensitive data.

 

Is your Wi-Fi safe from a KRACK attack?

Unfortunately, probably not.

 

KRACK (Key Reinstallation Attack) penetrates the WPA2 security protocol commonly used on modern Wi-Fi devices. Worse, an attacker who makes it onto your Wi-Fi can also look at the other phones and laptops attached to it, including their traffic to and from the Internet.

 

Is a Wi-Fi fix on the way?

 

Yes, but.

Because the repair involves the handshake process between Wi-Fi devices, manufacturers need to issue patches for both Wi-Fi base stations and the end devices. On the device side, Apple, Google, Microsoft and others are preparing patches. On the base station side, Cisco, Meraki, Linksys and others are preparing updated code for their devices.

 

As usual, install any updates to your mobile devices as soon as they are released. These updates will include a fix for this issue.

 

Also, have your network administrator patch and update your Wi-Fi base stations as soon as possible. 

 

What can you do in the meantime to protect yourself from this cyber security risk?

 

MBSG and other security consultants continue to recommend these cyber security defenses.

 

  1. Deploy your company’s Wi-Fi unit on its own network, separate from your corporate servers and PCs.

    This gives employees and guests access to the Internet from mobile devices but no direct access to the corporate network. If a hacker were to break into your company’s Wi-Fi, they would only gain access to the Internet -- not your servers.

    https://www.mbsg.net/blog/best-practices-for-guest-wi-fi
  2. Avoid public Wi-Fi. Second best, when accessing public Wi-Fi, use a VPN (Virtual Private Network) to protect your transmissions from prying eyes.

    https://www.mbsg.net/blog/how-to-browse-the-internet-anonymously
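The network separation recommended in item 1, shown as an added example (not MBSG's own configuration): an nftables ruleset for a Linux router that gives Wi-Fi clients Internet access only. The interface names (`wan0`, `lan0`, `wifi0`) and both subnets are assumptions made for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example: router policy that keeps Wi-Fi clients off the corporate LAN.
# Assumed (hypothetical) interfaces and subnets:
#   wan0  - Internet uplink
#   lan0  - corporate servers and PCs, 10.10.0.0/24
#   wifi0 - Wi-Fi access points,       192.168.50.0/24

flush ruleset   # replaces any rules already loaded on this router

define WAN = "wan0"
define LAN = "lan0"
define WIFI = "wifi0"
define LAN_NET = 10.10.0.0/24
define WIFI_NET = 192.168.50.0/24

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iif "lo" accept
        # Wi-Fi clients may reach only DHCP and DNS on the router itself
        iifname $WIFI udp dport { 53, 67 } accept
        iifname $WIFI tcp dport 53 accept
        # Router management is allowed from the corporate LAN only
        iifname $LAN accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Log and drop any Wi-Fi attempt to reach corporate addresses
        iifname $WIFI ip daddr $LAN_NET log prefix "wifi-to-lan " drop
        iifname $WIFI oifname $LAN drop
        # Wi-Fi clients: Internet only
        iifname $WIFI oifname $WAN ip saddr $WIFI_NET accept
        # Corporate LAN: outbound Internet access
        iifname $LAN oifname $WAN accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

Because the forward chain drops by default, the corporate LAN stays unreachable from Wi-Fi even if a rule is later removed by mistake, and the `wifi-to-lan` log prefix gives administrators a record of any attempt to cross the boundary.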

 

References

For additional information on the KRACK vulnerability, here are some links.

https://www.krackattacks.com/

https://www.kb.cert.org/vuls/id/228519

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

https://www.macrumors.com/2017/10/16/krack-wifi-vulnerabilities-patched-apple-ios-macos/

 

 

About MBSG IT Consultants

 

MBSG provides outsourced IT support and IT strategy--on the ground and in the cloud.

 

MBSG cyber security experts assess corporate infrastructure for information security risks and vulnerabilities. We recommend how to improve cyber security defenses.

 

MBSG provides business owners and managers an independent, second opinion to protect their company.

 

For more information or to ask a question, contact MBSG.