Blog

HomeCatch ITUsing Wi-Fi? KRACK Kills Your Privacy

Using Wi-Fi? KRACK Kills Your Privacy

THREAT: A new flaw has compromised the most widely used Wi-Fi Protocol (WPA2), allowing hackers to decrypt and view everything you are doing online.

The exploit is called KRACK, short for Key Reinstallation Attacks.  This breach can be used to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data, allowing an attacker to inject ransomware or other malware into websites.

What Can You Do?
A hacker needs to be near your wireless network in order to exploit it. They cannot perform this attack remotely. However, until you can confirm your Wi-Fi equipment and devices are patched we recommend:

  1. For shopping, banking, email and other private matters use Windows or IOS devices and then use a browser with an HTTPS connection. Better yet, also disable Wi-Fi and plug in an ethernet cable.
  2. Disable Wi-Fi on your phone. Do not use banking, shopping or email APPS over a Wi-Fi connection. Use your cellular carriers network.
  3. Disable Wi-Fi on your Android devices. If you need Wi-Fi on a device like a tablet, DO NOT expect any privacy. Avoid making purchases or doing any banking. Just checking your email could have your credentials exposed and stolen. Only use a browser on these devices and make sure you have a secure, HTTPS, connection.
  4. See number one. It is much easier to pick a device to handle sensitive matters and just avoid using Wi-Fi. You can continue to use your other equipment for non-sensitive matters.

BMT wireless vendor Ubiquiti already has patches available.  If you are a BMT Managed Services client, this issue has been resolved.  If not, please contact us to learn what you can do to ensure your networks are secure. 

For more details:
ARS Technica Article – https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/ 

Researcher who discovered vulnerability has put up a website – https://www.krackattacks.com/ 

Written by

I enjoy my work at BMT - an established IT consulting firm, constantly evolving my security, management and consulting abilities to assist our wide range of clients in leveraging IT to achieve strategic business goals. Wearing different hats keeps the job interesting, challenging and rewarding.