A widespread Wi-Fi security vulnerability was revealed today affecting wireless clients including laptops, phones, TVs, cars, Amazon Alexa Echo, and any other devices connected to a wireless access point. The vulnerability could potentially allow hackers within your wireless range to bypass WPA2 network security and read information that was previously assumed to be securely encrypted, such as passwords, credit card numbers, chat messages, emails, photos, and other personal information. For businesses this could mean banking information, protected health information (PHI), and business intellectual property. The vulnerability, once exploited, can also enable hackers to inject malicious code into your device, allowing malware & ransomware to infiltrate it.
Researcher Mathy Vanhoef, from Belgian university KU Leuven, accidentally discovered the vulnerability, dubbed it KRACK, for Key Reinstallation Attack, and has set up a site dedicated to the hack.
WPA2 wireless encryption is the most up-to-date wireless standard available. To prevent the attack, all wirelessly connected devices need to be updated as soon as security updates become available. Manufacturers have already started pushing out updates. The US Computer Emergency Response Team (CERT) has been made aware of the vulnerability and has released an advisory.
Microsoft confirmed it had rolled patches out already: “We have released a security update to address this issue. Customers who apply the update, or have automatic updates enabled, will be protected.” Neither Apple nor Amazon has, to date, made a statement or made a release available for their products.
Devices connected to Mobile Hotspots using GSM cards are not affected unless they are also connected to a wireless network.
Computer Business will update all client devices under a Managed Services Provider agreement as the manufacturers make updates available. In the interim, users should continue to practice safe online activity: use secure sites (those beginning with https://), use VPN connections to connect to business networks, ensure network resources require authentication, and stay away from free Wi-Fi sites such as Starbucks or airlines while entering or accessing sensitive data.
The attacks will more than likely be minimal in that hackers must be in close proximity to pick up the wireless signal and connect to the wireless network. Furthermore, the attacks would be targeted attacks, so the impact and the vulnerability are not scalable.
Computer Business, founded in 1996, is a full-service IT provider offering a comprehensive suite of IT services ranging from complete IT Managed Services and Security to innovative custom-designed solutions. We provide IT-related services and solutions to businesses of any size in any location. Computer Business has a worldwide client base in a broad range of industries including healthcare, technology, real estate, finance, legal, logistics, B2B and B2C, and the U.S. military.
Clinton Pownall is the President & CEO of Computer Business and has been in the IT field since 1990. Clinton served in the US Navy for 6 years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering.