WPA2, the Wi-Fi protocol that protects most Wi-Fi-enabled devices, was recently compromised when a Belgian researcher uncovered a vulnerability in the protocol and published the details of the flaw. The researcher has codenamed this weakness, KRACK, which is short for Key Reinstallation AttaCK. This vulnerability, if exploited, could expose wireless internet traffic to malicious eavesdroppers and attackers.
Before this vulnerability was identified, you could feel comfortable that your WPA2-protected Wi-Fi session would be safely encrypted; WPA2 is (or was) the most secure security protocol in general use to encrypt Wi-Fi connections. However, if a hacker is able to use this vulnerability to decrypt the WPA2 protocol and hack a wireless network, they could steal credit card numbers, passwords, chat message, emails, photos and more. And, depending on the network configuration, it’s possible they could also inject ransomware and other malware to further compromise the infected network.
This isn’t an isolated security vulnerability, either. The researcher who identified this flaw noted that if your device supports Wi-Fi, it’s most likely affected. This includes any Wi-Fi enabled devices at work and your personal devices as well.
What’s important to highlight is that while this is a serious vulnerability, and requires remediation (more on that in a bit), connections to secure websites (URLs that start with “https://”) and other encrypted connections like virtual private networks (VPNs) are still safe. However, unsecure connections to websites (URLs that don’t display “https://” in the address bar) should be considered public and viewable to any other user on the network until the vulnerability is fixed. So, proceed with caution.
How can you protect yourself and your organization?
The good news is that this vulnerability can be fixed with software updates to all your devices. You’ll need to update the following devices:
- Desktop workstations
- Mobile phones
- Wi-Fi-enabled tablets and E-readers
- Home and office routers
- Internet-connected devices like Nest, Amazon Echo and Google Home
- Wi-Fi-enabled home and office printers
Prioritize updating your mobile phones and tablets first, along with any other devices that use public Wi-Fi. Check for and install any software updates that roll out to your devices over the coming days and weeks. There are already security patches available for Apple and Microsoft devices. Android expects to release a patch in the coming weeks. Linux will also be releasing patches, as will Juniper and Cisco. Watch for available security patches and make sure you’re always running the current software version of your device.
If you have a partner managing your endpoint devices and networks, they should be monitoring and installing any patch updates as they become available, so check with them if you have any questions on whether your devices have been patched.