On Monday October 16th, the United States Computer Emergency Readiness Team issued vulnerability warning VU#228519. A new wireless router attack method was identified, called Key Reinstallation AttaCK, a.k.a. KRACK. The attack works against all modern protected Wi-Fi networks. The details of KRACK were published last week by Belgian security researchers at KU Leuven university. Beware, this document is technical and is very likely to put you to sleep if you are not interested in technology. On the other hand, everyone should be concerned about security. This article covers some good information. We’ll cover some basic information if you simply want to understand what’s going on without geeking out, as well as more detailed information for the technically inclined. The information below applies to both home and business users.
If you have any questions or concerns feel free to reach out to us at 720-446-8324 or via our contact page. We’re more than happy to look at your business to make sure you’re protected.
Should I be concerned?
Before you go unplugging everything and decide to go off the grid, please note that this flaw is serious but fixable. You should be concerned but not necessarily worried. This is not a hack your run-of-the-mill hacker is going to deploy outside your window tomorrow. This is a sophisticated hack to pull off. So far there are no known malicious attempts to use this flaw. This will undoubtedly change as hackers find ways to automate the threat, making it easy to sell on the dark web.
What are the real-life risks?
This attack can break WPA2 encryption, allowing a hacker to use a man-in-the-middle attack to spy on data passing between a device and a wireless access point. The risk is especially high when connected to a public Wi-Fi network. If you are browsing a website that is not protected by SSL (HTTPS, i.e. that little green padlock at the top of the page), your data can be spied upon by a hacker. Click here for a demonstration of the attack. Obviously, most banks, financial institutions and retailers have “https” enabled so you’re generally safe.
What to do to mitigate this vulnerability?
Contact your access point vendor to see if they have a fix for it. Patch the access point(s) as soon as possible. Do not wait six months, do it now! Many, but not all, wireless vendors have already released patches. Here is a link to a site that is tracking patches for most vendors. At EnTech IT Solutions we use Ubiquiti networking devices, and Ubiquiti released a patch the same day the threat was released to the public. We updated our clients the same day. I would like to give a big shout out to Ubiquiti for being one of the first vendors to issue a patch! If you haven’t heard of Ubiquiti, contact us immediately for more information, they are awesome! They make some really cool equipment at very reasonable prices. Low enough, in fact, for most home users.
Back to the matter at hand. Be sure to patch/update your operating system ASAP. Windows, Apple, Linux and Android operating systems should be updated to the latest versions. Lastly, always assume your data is not private when on a public network. Avoid sites that do not have the “https”/green padlock in the browser address bar, especially if you’re sending any sensitive data such as social security numbers, credit card numbers, passwords, etc.
In closing, remember that computers are only as smart as the people that program them! There will always be imperfect software as we are imperfect beings. Taking the steps above will close the vulnerability as fast as possible and protect your network until the next thing comes around!