A major vulnerability has been discovered that affects everyone that uses Wi-Fi. Key Reinstallation Attack, or KRACK, affects the core encryption protocol that most Wi-Fi users depend upon to shield their browsing from others, Wi-Fi Protected Access 2 (WPA2).
WPA2 has been the standard for securing a Wi-Fi access point, especially for businesses. However, WPA2 has a newly discovered flaw that allows a cybercriminal to reuse the encryption keys that are generated when a device and a router connect, which in turn allows them to intercept the data being communicated between the router and the device. This data could include credit card numbers, passwords, and any other information one would input online. Some networks could even allow data to be introduced from outside, for example, a website being infected with ransomware.
Details about the vulnerability will be released on November 1st, which means there is potential that they will fall into the wrong hands if they haven’t already. This gives businesses about two weeks to make sure they are prepared.
Currently, the biggest Achilles’ heel is on the client-side, which means the computers, laptops, and mobile devices are the first priority to update, but network hardware such as access points and routers are important as well.
Fortunately, Microsoft has already released an update to attend to this vulnerability, and Android devices will be rolling out updates during the coming weeks. Anyone running Windows 10 with automatic updates or has recently installed updates should have the fix. Other devices, including smartphones, tablets, and even your network routers and Wi-Fi access points should also be checked for updates.
How to Tell if Your Business is Safe from the KRACK WPA2 Vulnerability
For businesses, the most straightforward answer is if you are paying someone to monitor and maintain your entire network, they should be checking all devices to make sure they are patched to prevent this vulnerability. If you don’t have an agreement with an IT company such as Sagacent, or you don’t have someone on staff who is aware and knowledgeable about the potential threats to your network, it’s more than likely this vulnerability exists (along with many others).
If you aren’t sure, reach out to us as soon as possible. Sagacent can help you keep your network patched and up-to-date. For more information, call us at (408) 248-9800.