If you’ve seen the news over the past 24 hours, you’ve probably heard about the WPA2 KRACK. You may be asking, what does all of this mean? Is it really as bad as some people are portraying it to be? Does this affect me? The simple answer is yes, it is pretty bad and if you use WiFi, then yes, it will affect you.
The standard for wireless security for over a decade has been WPA2 and has stood up remarkably well over that time. It is what every IT expert should recommend be used to secure anyone’s network, residential or business.
The US-CERT (United States Computer Emergency Readiness Team) a division of the US Department of Homeland Security, “has become aware of several key management vulnerabilities in the 4-way handshake of the WPA2 security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others.”
What does this mean?
Basically, that traffic on wireless networks may no longer be secure. All traffic that is sent across wireless can be intercepted, decrypted, and traffic hijacked to steal information or potentially take control of one’s computer using this vulnerability. This affects every device that connects to wireless: anything from laptops to printers, cell phones, TVs, workstations, cameras, etc.
But, before you start unplugging your access points and throwing them into the street, there are some things that you need to know:
- This vulnerability was just announced yesterday and until then was not in the wild. It will take a few weeks before anyone sees this being actively used.
- There is a very small window of opportunity to exploit this vulnerability. An attacker has to be in range of your wireless network to exploit this. This is not like some of the other hacks or vulnerabilities that can be exploited by just having something connected to the internet.
- Also this vulnerability can be patched, but it needs to be patched at both the wireless access point and the client device. Some wireless vendors have already patched the firmware on their wireless access points to prevent this vulnerability from being exploited. Microsoft and Google have publicly announced that they will be issuing or have already issued security patches to their operating systems in the coming weeks and other vendors will follow suit and release patched.
What do I need to do?
First, you need to evaluate your wireless that you are using today. Make sure that the encryption schema that you’re using is WPA2. If it’s not, you need to move to it now. Even though it is vulnerable, it is still the most secure standard of wireless encryption available today. Next, you should find out if the manufacturer of your wireless access point has issued a patch or will issue a patch to address this vulnerability. Newer devices should receive support from the manufacturer, but devices that are 2-3 years old or more may be end of life and no longer supported by the manufacturer. These older devices should be discarded and new devices purchased to protect your network and your information.
Additionally, client devices will need to be patched. Microsoft has already announced that they have patched the vulnerability at the OS level with a Windows Update, but that some individual devices may need driver updates to their wireless cards in order to fully patch the vulnerability. You also need to be on the look out for updates to cell phones, wireless printers, and other wireless devices in the coming weeks and update them as soon as possible.
As always, if you have any questions about this vulnerability, want to discuss your wireless needs with someone, or have any other questions, call your on-demand IT partner, SandStorm IT, at (901) 475-0275.