A serious vulnerability was discovered in the WPA2 (IEEE 802.11i) encryption protocol used in Wi-Fi networking. The latest vulnerability known as KRACK (key reinstallation attacks) allows attackers, within proximity, to view unencrypted traffic on a wireless network. This is traffic that was previously assumed to be encrypted by WPA2. This could give hackers visibility to personal information such as credit card numbers, passwords, messages, email, photos, and more. Depending on the configuration of the network it is also possible for hackers to inject malicious threats such as ransomware or other malware into websites. As scary as this attack sounds, there are several mitigating factors at work here. The most importantly is that this is not an attack that can be pulled off remotely: An attacker would have to be within range of the wireless signal between your device and a nearby wireless access point. This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users.

Please note that most device manufacturers have a patch for this, and if they don’t they will soon. We also recommend that you have a robust security posture that includes endpoint protection and VPN connectivity where applicable.  The key in this instance is not to panic, or overreact, but to understand how this new vulnerability may create exposure for your business, and take the appropriate actions to mitigate it. 

Our research suggests that the most recent versions of Windows and Apple’s iOS are either not vulnerable to this flaw or are only exposed in very specific circumstances. Android devices, on the other hand, are likely going to need patches applied.

Our recommended actions:

• Limit the use of public Wi-Fi.
• Only connect to secured services. Web pages that use HTTPS or another secure connection will include HTTPS in the URL.
• If you have a paid VPN service that you trust you should enable the connection full-time until further notice.
• Use a wired network if your router and computer both have a spot to plug in an Ethernet cable. This exploit only affects 802.11 traffic between a Wi-Fi router and a connected device. Ethernet cables are relatively cheap and although they may be an eyesore when strung across the carpet, in this case it may be worth it.

GSC IT Solutions is working to take a proactive approach to addressing this with our customers.  If you have specific questions or would like to better understand your potential exposure, please contact us at 603-485-7100 or email at service@gscitsolutions.com.