Krack WPA2 – What you need to know
Krack WPA2 – Wireless devices can be hacked
There has been a lot of press lately about wireless devices being hackable via the Krack WPA2 attack. Let’s start with what is most important: You don’t need to panic, and you don’t need to stop using your Wi-Fi. While it is true that security researchers have discovered vulnerabilities that make it possible to intercept and decrypt traffic from most devices connected to a wireless network (wow, it sounds so scary when worded that way), you aren’t in nearly as much peril as the media would have you think.
The bad news
Ten vulnerabilities were discovered that prove it is possible to intercept and decrypt traffic from laptops, tablets, phones, and pretty much any other device connected to a wireless network using WPA2, which is probably the most common method of securing Wi-Fi. Some platforms, such as Android, are more susceptible than others. This isn’t the fault of the manufacturers; it is a problem with the underlying communication protocol being used by everyone. This means an attacker could, potentially, intercept sensitive information, such as passwords or credit card numbers, if it isn’t encrypted in some additional fashion.
Ok, that sounds really bad. Why shouldn’t I panic?
The security researchers who discovered this issue released their information in a very responsible fashion before going public. Major manufacturers have been working on patches (fixes) for months. You don’t need new equipment; what you have can be made safe, eventually.
For now, know that an attacker would need to target you, specifically. The attacker would need to be on-premises, have a very advanced skill set, and have special hardware and software. Moreover, as of this date, no one has found publicly available code that even makes this attack possible. Right now, you’re pretty safe.
Some vendors, such as Microsoft, WatchGuard, and Aruba, have already released patches to plug the security holes. Others will follow suit in the near future.
What is ITSolutions|Currie doing to keep me safe?
For WatchIT clients, our established maintenance routines will ensure that patches are installed as they become available. We take your security very seriously. That said, an “emergency visit” is not necessary.
Great! What do I need to do?
Due to the nature of the vulnerability, the client devices (laptops, phones, etc.) are the most likely target, so they are the highest priority for patching. Keep your eyes open for, and install, updates on any personal devices not maintained by ITSolutions|Currie, such as your phone or personal laptop.
Also, know that an attacker wouldn’t be able to see through other types of encryption. For example, data from websites using HTTPS (as opposed to plain old HTTP) will still be unreadably encrypted, even if someone successfully performed the attack, so use HTTPS whenever possible. Communications over VPN connections will also remain secure, for the same reason.
So, go forth, be wireless, and be safe!