THREAT: A new flaw has compromised the most widely used Wi-Fi protocol (WPA2), allowing hackers to decrypt and view everything you are doing online.
The exploit is called KRACK, short for Key Reinstallation Attacks. It can be used to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data, allowing an attacker to inject ransomware or other malware into websites.
What Can You Do?
A hacker needs to be near your wireless network in order to exploit it. They cannot perform this attack remotely. However, until you can confirm that your Wi-Fi equipment and devices are patched, we recommend:
- For shopping, banking, email and other private matters, use Windows or iOS devices and then use a browser with an HTTPS connection. Better yet, also disable Wi-Fi and plug in an Ethernet cable.
- Disable Wi-Fi on your phone. Do not use banking, shopping or email apps over a Wi-Fi connection. Use your cellular carrier's network.
- Disable Wi-Fi on your Android devices. If you need Wi-Fi on a device like a tablet, DO NOT expect any privacy. Avoid making purchases or doing any banking. Just checking your email could expose your credentials to theft. Only use a browser on these devices and make sure you have a secure HTTPS connection.
- See the first item above. It is much easier to pick one device to handle sensitive matters and just avoid using Wi-Fi on it. You can continue to use your other equipment for non-sensitive matters.
BMT's wireless vendor, Ubiquiti, already has patches available. If you are a BMT Managed Services client, this issue has been resolved. If not, please contact us to learn what you can do to ensure your networks are secure.
For more details:
Ars Technica article – https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
The researcher who discovered the vulnerability has put up a website – https://www.krackattacks.com/