A major vulnerability has been discovered that affects everyone that uses Wi-Fi. Key Reinstallation Attack, or KRACK, affects the core encryption protocol that most Wi-Fi users depend upon to shield their browsing from others, Wi-Fi Protected Access 2 (WPA2).
WPA2 has been the standard for securing a Wi-Fi access point, especially for businesses. However, WPA2 has a newly discovered flaw that allows a cybercriminal to reuse the encryption keys that are generated when a device and a router connect, which in turn allows them to intercept the data being communicated between the router and the device. This data could include credit card numbers, passwords, and any other information one would input online. Some networks could even allow data to be introduced from outside, for example, a website being infected with ransomware.
Details about the vulnerability will be released on November 1st, which means there is potential that they will fall into the wrong hands if they haven’t already. This gives businesses about two weeks to make sure they are prepared.
Currently, the biggest Achilles’ heel is on the client-side, which means the computers, laptops, and mobile devices are the first priority to update, but network hardware such as access points and routers are important as well.
Fortunately, Microsoft has already released an update to attend to this vulnerability, and Android devices will be rolling out updates during the coming weeks. Anyone running Windows 10 with automatic updates or has recently installed updates should have the fix. Other devices, including smartphones, tablets, and even your network routers and Wi-Fi access points should also be checked for updates.
For businesses, the most straightforward answer is if you are paying someone to monitor and maintain your entire network, they should be checking all devices to make sure they are patched to prevent this vulnerability. If you don’t have an agreement with an IT company such as KT Connections, or you don’t have someone on staff who is aware and knowledgeable about the potential threats to your network, it’s more than likely this vulnerability exists (along with many others).
If you aren’t sure, reach out to us as soon as possible. KT Connections can help you keep your network patched and up-to-date. For more information, call us at 605-341-3873.
Rodd Ahrenstorff is the Director of Business Operations for KT Connections, as well as a member of the company’s ownership team starting in 2014. Rodd has been working in the computer and telecommunication fields for over twenty years—a term during which he has held a number of leadership positions. In the past, he has served as a broadcast television engineer, an systems architect, and most recently Director of Information Technology, including a role as a HIPAA Security Officer for behavioral health and multi-specialty medical providers.