In the previous week a vulnerability in the WPA2 protocol that is used for wifi devices was disclosed that could put you at risk of letting hackers get hold of your credit card details and personal data.
Here's all you need to know about the Krack hack, including how you can protect yourself from malicious intruders to your network.
It is called a Key Reinstallation Attack, shortened to Krack.
The weakness in the system allows hackers to break into nearby wifi networks to download malware or intercept personal data like photos, passwords and credit card numbers.
In light of the situation, we’ve prepared a very brief summary of the potential impact of this flaw and what you can do to safeguard your devices and your data.
Am I affected?
-Yes. This is a flaw in WPA2 itself, the protocol responsible for negotiating encrypted Wi-Fi connections, as such every WIFI enabled device is affected by this, laptops, TVs, tablets, phones, and even Macs!
How does the WPA2 Krack attack work?
When a wireless device first connects to an access point, the two will first need to negotiate how they intend to encrypt their traffic. During this process they exchange a first key, after this key is exchanged they then continuously change their keys (use once, discard, use new key).
The attack works by convincing the wireless device that it didn’t receive this initial first key, causing the device to re-install and use this first initial key. So long as an attacker can maintain this confusion, network traffic becomes essentially unencrypted.
How bad is it?
Here’s the good part. It’s not as bad as it seems.
There’s been a massive push recently to change the web from HTTP to HTTPS. HTTPS uses its own layer of encryption above and beyond WPA2. All https:// web sites, such as Facebook, Google Search, Google Apps, Gmail, Banking institutions, Office 365 and etc. are still safe and secure. E-mail hosted on modern providers is also safe as it uses its own encryption as well. Gmail, Outlook Live, etc.
Who should worry?
If you’re using what’s known as ‘pop3’ e-mail, such as those provided by older ISPs, there is a very good chance that no extra encryption is being used for your e-mail traffic.
This means that your username and password are being sent in plain text and an attacker could intercept those credentials with ease. If you’re still using a pop3 account, you should consider upgrading to a modern e-mail provider immediately.
If you visit un-encrypted web sites, this vulnerability allows the potential for what’s known as man-in-the-middle attack. Which basically means injecting malware, or fraudulent data, into otherwise ordinary looking web sites.
What’s the fix?
There is a very simple fix for this, of which most vendors have already provided patches. The difficulty is that every single wireless device will need to be patched. If you use a windows PC with automatic updates, you’ve already been patched. However, the access point your PC connects to also needs this patch.
Netmon customers using Ubiquity APs with automatic updates enabled have already been patched as well. As of the time of this writing, all major vendors with the exception of Apple, Google, and Cisco have provided full fixes for this issue.
When can I be patched?
Please contact Netmon if you’d like assistance patching your devices.
Managed services customers will be contacted to schedule a maintenance window once relevant patches have been made available for their environment.