Recently, a researcher at the University of Leuven, Mathy Vanhoef, discovered vulnerabilities with WPA2 (Wi-Fi Protected Access 2 – the most widely used Wi-Fi protocol). These vulnerabilities, according to Vanhoef, give attackers access to sensitive information (passwords, messages, photos, etc.), as well as the capability to inject malicious data into your devices. These attackers start by setting up a fake access point that mimics an existing one to trick anyone nearby to connect with it. Once connected, the attackers would launch what the researcher calls a key installation attack, otherwise known as KRACK.
Will This Affect Me?
If your device supports Wi-Fi, there is a chance that is could become affected. Vanhoef stated, “During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.” You can learn more about the specifics of his research here. It’s noted that Android devices are particularly vulnerable to KRACK.
What Can I Do To Protect Myself?
First and foremost, when given the option to update the software on any of your devices – do so. Vanhoef noted that some of “major platform providers” have already begun to release patches specifically for the WPA2 attack. Also, you can make sure your router is up-to-date. You can contact your internet service provider about when patch updates will be released for this vulnerability if they haven’t been already. Check back frequently, and if they don’t release anything in the near future you may want to consider switching providers. Another option would be to turn off your Wi-Fi capabilities and use an Ethernet cable through your router to guarantee security. However, for devices such as mobile phones and tablets, there isn’t an Ethernet option. For the time being, you may want to consider using your cellular data until a patch is released. Lastly, HTTPS websites offer encrypted access, so using these as opposed to HTTP sites will put you less at risk.
What Can Sierra Do To Help?
If you have been affected by KRACK, we can help. Sierra offers remediation services including workstation patch management and network monitoring/management to avoid harm from any future vulnerabilities or malicious attacks. To learn more about our services and how we can help, contact our team here.
Sierra Experts is an IT managed service and support provider, specializing in remote monitoring and management of computing systems, cloud/virtual systems, hosting, web design and development, software development, VoIP/SIP PBX trunks and solutions, physical server hosting, and hardware and software reselling. For more check out: www.SierraExperts.com.