Vulnerability puts nearly all WiFi devices and routers at risk
Recently, we learned about KRACK (or Key Reinstallation Attack) – a security flaw in the WPA2 protocol, which could see an adversary break the encryption between a router and a device, allowing them to intercept and interfere with network traffic.
KRACK better explained:
A hacker finds a network they want to breach that uses WPA2-PSK, and waits for an individual to connect. This could be at a coffee shop, or an office. PA2-PSK is an encrypted connection that requires individuals to connect with a password.
When an individual connects to a Wi-Fi hotspot, long before they visit any websites, their laptop or phone will do something called a four-way handshake. This is a process that checks that the password the user has provided is correct, and establishes the encrypted connection between the router and the device.
Here, the hacker interferes with the initial handshake between your device and the WiFi router in a way that allows the attacker to gain an ability to decrypt the traffic you exchange over WiFi. This means they’re able to do many, many bad things without even being on the network.
Solution:
Make sure that you install all security updates as soon as they are available. Turn on auto-updates on your devices and click yes if your device prompts you about a patch.
First, update your WiFi access point.
Second, make sure your computer/laptop is fully up to date.
- Microsoft has already issued a security patch for Windows 7, Windows 8, Windows 8.1, and Window 10.
- Apple is going to release macOS 10.13.1 and iOS 11.1 in the coming weeks with the patch along with other bug fixes.
- Google will issue the patch on November 6th, which will have the fix updated instantly.
*Windward has already performed these patches for the WiFi routers and devices connected to the networks within your office*