We wanted to notify our clients about a recent hack that has been discovered that affects all Wi-Fi networks. This includes Wi-Fi networks that we manage, however we have taken every necessary step to resolve this issue by patching computers and installing firmware updates where available.
KRACK is an attack that currently threatens all Wi-Fi networks protected using the Wi-Fi Protected Access II (WPA2) security protocol. In full, KRACK means Key Re-installation AttaCK. KRACK Wi-Fi security weakness is a result of a network vulnerability that makes it possible for a hacker to break into a WPA2 protected network, inject, manipulate and steal data such as photos, passwords and chat messages. It is a vulnerability that exists on almost every platform including Apple, Windows, Android, Linux and OpenBSD.
Scary as it may sound, there are several factors that downplay the risk posed by KRACK.
First, the attack must be executed within the range of the wireless signal as opposed to being done remotely. An attacker would need to be between an access point and your device. This makes it relatively easier to deal with the attack, since work areas can be protected using advanced technology such as motion sensor cameras to detect the presence of people in restricted areas and fingerprint access to keep out unauthorized personnel.
Second, sensitive information such as financial data or emails that malicious people are usually after is normally already protected using Secure Sockets Layer (SSL). WPA2 only adds an additional layer of protection. As such, should such data get into the wrong hands, it would still be protected by an end-to-end encryption that is practically impossible to defeat.
To add a layer of protection to data, it is advisable to surf the internet using browsers with security add-ons such as HTTPS Everywhere. Such add-ons force connections to protect your data through encryption whether such encryption is the default for the website or not. So far, there has been no reported breach traced to this vulnerability. Wi-Fi Alliance chose to report this vulnerability merely to inform Wi-Fi users and also to encourage them to patch their systems as soon as updates were available. These updates are backed up by the fact that so far, new versions of Apple and Windows operating systems have not appeared to been vulnerable to this attack. However, experts say there is a very slim chance that in very specific circumstances, KRACK may be successful in penetration attempts.
Although many people enjoy the convenience a Wi-Fi network offers, we would not recommend using any form of Wi-Fi on a secure corporate network. Wi-Fi should only be enabled on separated networks giving access to the internet but not files and folders on the network. Here at CCCit we take network security very seriously and always endeavor to keep up to date with any changes or important information released about products and services we manage and support. If you have any questions regarding the information provided here please feel free to contact us. If you think the information here will be of benefit to someone you know please share it.
Kind regards,
CCCit Team