“KRACK” security vulnerability discovered in WiFi Protected Access II (WPA2) security protocol
A security flaw has been discovered that could be used to hack into any device that uses WiFi, including smartphones, tablets, laptops desktop computers, laptops.
Many modern Wireless networks use WiFi Protected Access II (WPA2) security protocol and security certification programs to secure the wireless computer network. WPA2 wireless protocol has a new security vulnerability called “KRACK”, which is short for Key Reinstallation Attacks. This security flaw has been discovered by researchers at KU Leuven, a university in Flanders, Belgium.
Attackers can use this to steal sensitive information that is sent over a WiFi network that uses WPA2, including credit card numbers, passwords and other sensitive information. It may also be possible for an attacker to inject malicious information into the WiFi network which could include malicious ramsomeware and malware. The attacker needs to be within Wireless range.
The vulnerability is not per individual device but the actual WPA2 protocol, which means all devices that use WPA2 could be affected.
What you should do about the WPA2 “KRACK” security flaw on your WiFi networks
KRACK does not use your WiFi password to get access to your network, so changing your WiFi password will not make you less vulnerable, although changing your password regularly is good practice.
Many WiFi product vendors will be releasing updated firmware and drivers for their products. To protect yourself, we strongly recommend that you update your hardware as soon as an update is available.
For our clients who enjoy our Proactive Managed IT Support and Network Security services, we have details of all WiFi equipment and will continue to monitor when vendors release updates and will install them as soon as they become available.
The devices and hardware that will need to be updated, once patches are released, include the following:
- Wireless Access Points (WAP) including Office and Home routers
- Desktop workstations
- Mobile phones
- Tablets and e-readers that use WiFi
- Home devices connected to WiFi including Apple TV, NEST, Amazon Echo and Google Home
- Printers, both home and office, that use WiFi
- Any other device that uses WiFi
Need more information about KRACK, below are some helpful links to give you more of an insight into the KRACK WPA2 Vulnerability.
BleepingComputer has compiled a running list of vendors, that is being updated regularly, as more information on patches becomes available.