KRACK WiFi Vulnerability
We wanted to make sure everyone is aware of the latest information security concern that has promulgated this week. On Monday this week an official announcement was released that a postdoctoral researcher in Ku-Leuven University in Belgium discovered a way to break the encryption of current WiFi communication. This latest vulnerability was named “KRACK”. WiFi Wireless communication is a ubiquitous communication method used at homes and enterprises by the vast majority of our daily used devices whether it’s our cell phones, laptops, tablets and home smart-devices to communicate. The current WiFi standard is using special methods to secure the information travelling over the air from your device to the network so that your information is safe from prying eyes. The discovery made this week allows a nearby perpetrator to eavesdrop on your communication and in specific cases even hijack it. The issue is effecting both sides of the WiFi connection which means both your devices (a phone or a laptop) and the network WiFi system (your home router – for example) will need a software update to be secure again. Following are a few practical points regarding this issue:
- Don’t panic. Although this vulnerability is verified and critical, a perpetrator needs to have extensive knowledge and be physically very close to you to be able to exploit it.
- Always use secure websites when you provide personal/sensitive information on the web. This is indicated by a padlock icon showing in your browser. If you use a secure website, there is very little chance your data can be exposed even if you use a system that is vulnerable to KRACK.
- Make sure your devices are updated with the latest software updates from your vendor/carrier: If you are current on your software on your Windows PC then your laptop is not vulnerable. Apple has announced on Monday that an update to iPhones, Macs, Watches and TV’s is already being tested and will be released soon. Google has already released an update for Android. If you have a Nexus or Pixel Android phones, the 11/6 update will take care of it. All other Android phones/tablets will have to wait until their respective vendors and carriers will include the fix. You can contact your carrier to ask for an update regarding a fix.
- Remember to update your home router with the latest firmware. Most manufacturers are still working on fixes, but once they become available you should apply them to your home wireless systems as soon as possible.