We recently released an update so customers can quickly identify the KRACK WPA2 vulnerability on Windows operating systems, and we will soon release updates for those using Android and Linux.
In recent days, much has been said about the potential weaknesses hackers can exploit in Wi-Fi networks because of this vulnerability. The good news is a hacker would have to be extremely sophisticated and be within range of a local Wi-Fi connection to exploit the weakness. And we know the likelihood of that is quite small. However, the vulnerability is serious and when the respective patches are made available (and Windows has already put its patch out there), organizations and security teams need to act quickly.
Here is what you should know about the KRACK vulnerability:
- It affects a core encryption protocol (WPA2) which enables you to use and surf the web privately
- What the vulnerability allows a hacker to do is reinstall keys (which are used to protect information encrypted by the user that’s shared over the web) and decrypt that information and take control of its transit.
- In some cases, depending on the platform or device, hackers can conduct an infinite number of man-it-the-middle attacks to manipulate data communication and inject malware.
As businesses wait for the available patches, they can take additional measures:
- Implore every business user to stick to websites that use HTTPS encryption.
- Try to avoid public Wi-Fi and stick to utilizing virtual private networks (VPNs)
- Cross check all vendors and review additional guidance outlined by the US Computer Emergency Response Team (found here)
We will update this post with guidance on additional patches for Android and Linux once they become available.