SandStorm IT

Power On

  • Services
    • Managed IT Services
    • Servers & Networks
    • Business Computers & Support
    • Cloud Services & Data Backup
    • Custom Software Development
    • VoIP Telephone Solutions
    • Custom Web Design
    • Disaster Recovery Solutions
    • Security & Compliance
    • IT Consulting
  • Technologies
  • Pricing
  • Work
  • About
    • Our History
    • Our Team
    • Careers
    • Press
  • Blog
  • Contact
    • (901) 475-0275
  • Help Me

ALERT: Is My WIFI affected by the WPA2 KRACK?

October 17, 2017 By SandStorm IT

If you’ve seen the news over the past 24 hours, you’ve probably heard about the WPA2 KRACK.  You may be asking, what does all of this mean?  Is it really as bad as some people are portraying it to be?  Does this affect me?  The simple answer is yes, it is pretty bad and if you use WiFi, then yes, it will affect you.

 

The standard for wireless security for over a decade has been WPA2 and has stood up remarkably well over that time.  It is what every IT expert should recommend be used to secure anyone’s network, residential or business. 

 

The US-CERT (United States Computer Emergency Readiness Team) a division of the US Department of Homeland Security, “has become aware of several key management vulnerabilities in the 4-way handshake of the WPA2 security protocol.  The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others.”

 

What does this mean?

Basically, that traffic on wireless networks may no longer be secure.  All traffic that is sent across wireless can be intercepted, decrypted, and traffic hijacked to steal information or potentially take control of one’s computer using this vulnerability.  This affects every device that connects to wireless:  anything from laptops to printers, cell phones, TVs, workstations, cameras, etc.

 

But, before you start unplugging your access points and throwing them into the street, there are some things that you need to know:

  • This vulnerability was just announced yesterday and until then was not in the wild.  It will take a few weeks before anyone sees this being actively used.
  • There is a very small window of opportunity to exploit this vulnerability.  An attacker has to be in range of your wireless network to exploit this.  This is not like some of the other hacks or vulnerabilities that can be exploited by just having something connected to the internet.
  • Also this vulnerability can be patched, but it needs to be patched at both the wireless access point and the client device.  Some wireless vendors have already patched the firmware on their wireless access points to prevent this vulnerability from being exploited.  Microsoft and Google have publicly announced that they will be issuing or have already issued security patches to their operating systems in the coming weeks and other vendors will follow suit and release patched.

 

What do I need to do?

First, you need to evaluate your wireless that you are using today.  Make sure that the encryption schema that you’re using is WPA2.  If it’s not, you need to move to it now.  Even though it is vulnerable, it is still the most secure standard of wireless encryption available today.  Next, you should find out if the manufacturer of your wireless access point has issued a patch or will issue a patch to address this vulnerability.  Newer devices should receive support from the manufacturer, but devices that are 2-3 years old or more may be end of life and no longer supported by the manufacturer.  These older devices should be discarded and new devices purchased to protect your network and your information.

 

Additionally, client devices will need to be patched.  Microsoft has already announced that they have patched the vulnerability at the OS level with a Windows Update, but that some individual devices may need driver updates to their wireless cards in order to fully patch the vulnerability.  You also need to be on the look out for updates to cell phones, wireless printers, and other wireless devices in the coming weeks and update them as soon as possible.  

 

As always, if you have any questions about this vulnerability, want to discuss your wireless needs with someone, or have any other questions, call your on-demand IT partner, SandStorm IT, at (901) 475-0275.  

Related Posts

  • Security Alert - Update Warning for Microsoft Windows 7, Windows 8.1 and Windows 10
  • Security Alert - Update Warning for Microsoft Windows 7, Windows 8.1 and Windows 10
  • What is a VPN?
  • Where is the best location to install my Wireless Router?
  • Are you still on a workgroup network?

Categories: 5G & Mobile Networking, Cybersecurity, Networking, Wired Networking, Wireless/Wi-Fi

Subscribe to Our Newsletter

Check your inbox or spam folder now to confirm your subscription.

SANDSTORM IT BLOG

Featured
News
Press Releases
SandStorm News
Security Alerts & Vulnerabilities
Managed Services
Managed Anti-Virus/Anti-Malware
Managed Backups & Monitoring
Updates/Patches
Passwords
Cybersecurity
Spyware/Malware/Viruses
Social Engineering/Phishing
Ransomware
Data Breaches/Leaks
Other
Servers
Server & Server Hardware
Cloud/Serverless Computing
Server Operating Systems
Networking
Wired Networking
Wireless/Wi-Fi
Internet of Things (IoT)
5G & Mobile Networking
Business
General Business
Enterprise Resource Planning (ERP)
Voice & Telephony
Backups & Business Continuity
On-Site Backups
Cloud Backups
DR/BCM Planning & Consulting
Personal Computing
Tips/Tricks/Shortcuts
Troubleshooting
Hardware & Peripherals
Desktop Operating Systems
Software & Applications
Office Applications
Desktop Software
Email Software and Applications

Authors

Authors
Doyle Sanders
Jake Sanders
Jordan Sanders
Justin Oliver
Matt Ballard
Robert Cleveland
Cristian Colón
Jacob Ellis
Jeff Fowler
Miker Irick
Curtis Mayo
Josh Restuccio
Lindsey Sanders
Matthew Stafford
Josh Yarbrough

Give Us a Call

(901) 475-0275
61 Atoka-McLaughlin Dr.
Atoka, TN 38004

About SandStorm IT

SandStorm IT is a team of committed professionals who are dedicated and excited to solve your technology needs.  We accomplish this through understanding your business and then applying the appropriate technology solutions to meet the needs.

Our breadth of experience with information technology covers a range of diverse skill sets such as server setup and configuration, network and firewall solutions, VoIP telephone systems, web and database hosting, custom web application programming, mobile development, and IT security practices and policies.

SandStorm IT has the desire, expertise, and commitment to bring your vision to life.

  • Services
  • Technologies
  • Pricing
  • Work
  • About
  • Blog
  • Contact
  • Help Me
Authorized Solution Provider