Krack Attacks: You use WPA2 to access the internet every day, and you could be vulnerable to a Krack Attack.
Virtually all modern WiFi networks employ WPA2 as a security protocol. A couple of months ago, a security researcher named Mathy Vanhoef discovered an existing vulnerability in all WPA2 WiFi network connections. He called this vulnerability a key reinstallation attack or KRACK. Hackers could possibly exploit this flaw to create a copy of data transmitted over the WiFi connection without having to know your device or WiFi password.
As Larry David might say, this flaw could be pretty, pretty, pretty serious. Since almost all internet connections employ WPA2 as a security protocol, it really won’t matter if you get online with your laptop, Android or Apple phone, or any other device. Since the attacker doesn’t need a password, your secured device or router won’t help either.
If a hacker knew how to steal data with a Krack attack, his only limitation would be that he needs to physically be within the range of your online connection. If you’ve ever checked for internet connections on computer or phone, you already know that you are almost always within range of several secured or unsecured connections if you’re at home in your neighborhood or at work in your office.
The hackers steal data through your connection and not from your computer, tablet, or phone so all devices could be impacted. Dozens of name-brand router, computer, and device vendors have been impacted by and notified of the problem. The researcher said that Android and Linux were the most vulnerable. Still, the list of impacted vendors includes Apple, Microsoft, Cisco, and much more.
Vanhoef discovered the possibility of Krack attacks in July of 2017. He promptly contacted vendors but had originally planned to wait a month to publish his findings publicly. When Vanhoef started working with the vendors, the scale of the problem grew larger than was first expected, so he delayed his public announcement until October.
You might wonder why researchers don’t release this sort of security information to protect the public right away. Typically, when security researchers uncover vulnerabilities, they give vendors a chance to take action before they make the information public. Otherwise, hackers might get the information to make use of before the vendors can issue patches. There doesn’t seem to be a lot of information about any true attacks using this method, so in this case, the researcher may have stayed ahead of the criminals.
At this time, Microsoft says they’ve already released a patch. Cisco has released patches for some devices but not all. Dozens of other vendors are working furiously on the problem. You can find a list of patches and status updates on ZDNet. The article said it would get updated with future announcements, but you might also check with your own product maker’s website.
As always, you would be prudent to apply any manufacturer’s updates as you get them. You can also set most devices to accept automatic updates.
These are some steps you can take to protect your own data:
The good news is that there isn’t much evidence that any hackers have actually exploited this flaw yet to steal data. It’s always a positive sign when security researchers discover security problems before criminals do. However, now that this information is publicly available, the situation could change. Vendors are under tremendous pressure to issue patches, but until you’re sure that you’ve received a patch, you should remain aware that your data may not be as secure as you thought it was.
Call our business managed IT services department directly at (404) 777-0147 or simply fill out this form and we will get in touch with you to set up a getting-to-know-you introductory phone call.
Fill in our quick form
We'll schedule an introductory phone call
We'll take the time to listen and plan the next steps
11285 Elkins Rd Suite E1, Roswell, GA 30076
© Copyright 2024 Centerpoint IT. All Rights Reserved. Website in partnership with Tech Pro Marketing. | Privacy Policy
Get Immediate Help For All Your Technology Issues (404) 777-0147
If you want our team at Centerpoint IT to help you with all or any part of your business IT, cybersecurity, or telephone services, just book a call.
Fill in your information below to get started today.
"*" indicates required fields
Fill in your information below to schedule now.
"*" indicates required fields
Before your organization commits to 1, 2, 3 or even longer managed IT services contract, understand what you’re getting. Centerpoint IT gives you the facts in our Managed IT Services Buyer’s Guide.
Enter your information below and we’ll send it over.
"*" indicates required fields
We are turning 15 and want to celebrate this milestone with you because without you this would not have been possible. Throughout this year look for special promotions on services and tools aimed at Making IT Simple for You so you can focus on your business.
We are turning 15 and want to celebrate this milestone with you because without you this would not have been possible. Throughout this year look for special promotions on services and tools aimed at Making IT Simple for You so you can focus on your business.
https://calendly.com/centerpoint-it/discovery-call