A recently discovered vulnerability could allow attackers to intercept sensitive data being transmitted between a Wi-Fi access point and a computer or mobile device, even if that data is encrypted. The flaw, known as KRACK, affects WPA2, a security protocol used in most modern Wi-Fi devices. In some cases, a hacker could exploit KRACK to inject malware such as ransomware into websites.
What is KRACK?
KRACK is an acronym for Key Reinstallation Attack. It involves an attacker reusing a one-time key that’s provided when a client device attempts to join a Wi-Fi network. Doing so could enable the hacker to decrypt information being exchanged between the access point and the client device, which would leave personal details like credit card numbers, messages and passwords exposed.
Experts warn that any device that supports Wi-Fi is likely affected by KRACK, but that Linux-based devices as well as Android devices running version 6.0 or higher of the Android operating system are especially at risk. At the moment that includes more than 40% of Android devices.
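Why reuse of the one-time key exposes data, as an added example that is not part of the original article: a toy model in which installing the same session key a second time resets the packet counter, so two frames are encrypted with the same keystream. It goes beyond the detail given above; `ToyClient`, `run` and the HMAC-based keystream (a stand-in for the AES-CTR keystream of WPA2-CCMP) are hypothetical simplifications, and every sample value is constructed.

```python
import hashlib
import hmac

def keystream(key: bytes, packet_number: int, length: int) -> bytes:
    # Stand-in for the per-packet AES-CTR keystream of WPA2-CCMP (assumption:
    # HMAC-SHA256 is used only so the example runs with the standard library).
    out, block = b"", 0
    while len(out) < length:
        msg = packet_number.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ToyClient:
    """Hypothetical client model: one session key, one transmit packet number."""
    def __init__(self, patched: bool):
        self.patched, self.key, self.packet_number = patched, None, 0

    def install_key(self, key: bytes) -> None:
        # Patched behaviour: a key already in use is not installed again,
        # so the packet number is never reset under the same key.
        if self.patched and key == self.key:
            return
        self.key, self.packet_number = key, 0

    def send(self, plaintext: bytes):
        self.packet_number += 1
        ks = keystream(self.key, self.packet_number, len(plaintext))
        return self.packet_number, xor(plaintext, ks)

def run(patched: bool):
    key = b"constructed-session-key"      # constructed sample value
    known = b"known header bytes.."       # constructed frame, content guessable
    secret = b"secret form contents"      # constructed frame, same length
    client = ToyClient(patched)
    client.install_key(key)
    pn1, c1 = client.send(known)
    client.install_key(key)               # the same key arrives a second time
    pn2, c2 = client.send(secret)
    # With an identical keystream, c1 XOR c2 equals known XOR secret.
    recovered = xor(xor(c1, c2), known)
    return pn1, pn2, recovered == secret

if __name__ == "__main__":
    print("unpatched:", run(False))   # packet number repeats, plaintext leaks
    print("patched:  ", run(True))    # packet number advances, nothing leaks
```

The unpatched model sends both frames under packet number 1, which is why the second frame can be recovered from the two ciphertexts alone; the patched model ignores the repeated key, so the counter keeps advancing.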
What should I do about it?
To protect yourself from falling victim to a KRACK attack, you should update Wi-Fi devices like smartphones, tablets and laptops as soon as updates become available.
BIS finished an emergency update rollout over the weekend to protect all of its managed Wi-Fi customers on the UniFi platform. The vulnerability, revealed on October 16th, puts all wireless transactions at risk. Major wireless vendors are taking steps to counter the attack and are releasing software updates for their devices. Unfortunately, very few wireless access points and routers are designed to update to new firmware automatically. BIS-managed access points run on Ubiquiti hardware and have all been updated to 3.9.2, which protects their user base against the attacks. If you have a wireless network that has not been upgraded this week, any information you transmit may be read, stored, or possibly modified by hackers using this method.
If you’re a BIS client and unsure whether you are secure on this managed platform, or if you are not a BIS client and have questions about your Wi-Fi vulnerability, give us a call at 251-405-2555!