Call Us at 866-526-9750

PC Works Plus


Check out David Wertz's weekly article and information he has shared on LinkedIn

“KRACK” Attack: WiFi Security flaw

Categories: Security

“KRACK” Attack: WiFi Security flaw

October 19, 2017

On Monday, a serious weakness was discovered in WPA2, a protocol that secures all modern protected Wi-Fi networks. The flaw allows potential attackers to leverage this vulnerability to break into the WPA2 security model and steal data flowing between wireless devices and the targeted Wi-Fi network. What’s so concerning about this particular attack—dubbed “KRACK,” which is short for key reinstallation attack—is that it works against all modern protected Wi-Fi networks, allowing attackers to not only read and steal information transmitted across Wi-Fi, but also potentially manipulate the data or insert malware.

Who is at risk?

Unfortunately, every Wi-Fi connection is vulnerable, including any devices that support Wi-Fi. Research has discovered that the vulnerability potentially impacts a wide range of devices including those running operating systems from Android, Apple, Linux, OpenBSD, Windows, and others in some variant.

This is NOT an attack that can be done remotely (outside of the range of the WiFi signal).  This is a proximity-based attack.  This means that in order to exploit the weakness, an attacker would have to be within range of the wireless environment.

What should you do to protect your network?

It is important to remember that this attack does not target the WiFi access points, but rather the devices that are connecting to an access point (phone, tablet, laptop, etc).  The problem will ultimately be resolved by updates to devices, so doing updates on endpoints is critical.

Here is a running list of hardware vendors that are known to be affected by this vulnerability, as well as links to available advisories and patches.

Another intermediate option is to use VPN’s over WiFi to encrypt, but in many cases this isn’t practical.

Educate Yourself!

Checkout free reports and newsletters to educate yourself on Network Security, Data Protection and Tips and Tricks.

Let's Go!