SECURITY ALERT: KRACK Wi-Fi Vulnerability

SECURITY ALERT: KRACK Wi-Fi Vulnerability

IMPORTANT ANNOUNCEMENT ABOUT WI-FI SECURITY
Everything you knew about WiFi security changed earlier this week.

If you’ve ever been told to not use public (i.e. Starbucks, airport, etc.) WiFi because it isn’t safe. This vulnerability potentially makes all WiFi equally insecure.

WPA2 has been the recognized industry standard for securing WiFi networks for several years (in both business and residential wireless environments) and all IoT (Internet of Things) devicescome pre-configured to use WPA2. In English, nearly every wireless device is using WPA2. Well, it was announced earlier this week that the WPA2 standard can be hacked. It has a validated, legitimate vulnerability that has no current/immediate fix.

This notice is designed to make you aware this vulnerability exists, and provide you with information on how to best address it moving forward. If you have any questions and/or would like additional information, please contact Dave Tuckman at 619-825-4797 ordave@GSWS.com.

WHAT IS THE VULNERABILITY?
Your network isn’t immediately vulnerable to everyone across the globe. For someone to actually hack into you wireless network they need to physically be close enough to connect to it. If they do that, they can listen in, record information, redirect the information that goes across your WiFi network – things like that (but they physically need to be within the proximity of the network).

Because we are dealing with a potential vulnerability that has no timeline towards resolution, we currently recommend you DO NOT use WiFi for accessing unencrypted sensitive or secure information.

WHAT IS THE FIX?
Ultimately, over time, EVERY device that connects to your WiFi network will release a patch that addresses this vulnerability. Meaning, Microsoft will release the updates for Microsoft products, Apple for theirs, etc. Some older hardware may need to be replaced if it’s not supported by the manufacturer. Once EVERY device is updated, your exposure will have been addressed.

If you are a GSWS client
Please know we are already working on this for you. We have your hardware inventoried and are working to track/improve your level of exposure. We will be reaching out on an individual basis on anything specific to discuss. 

If you are not a GSWS client
Please contact your current provider and discuss out how this impacts your network environment. The goal is to identify what is vulnerable. If you don’t have a current provider, feel free to contact us and we’ll be happy to help. 

ADDITIONAL INFORMATION/LINKS
– How the KRACK attack destroys nearly all Wi-Fi security
– Why The KRACK Wi-Fi Mess Will Take Decades To Clean Up
– KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol
– Microsoft already published a KRACK fix, Apple and Google are working on it
– These are the router makers that have patched KRACK WPA2 Wi-Fi flaws

Again, if you have any questions and/or would like additional information, please contact Dave Tuckman at 619-825-4797 or dave@GSWS.com. We are here/happy to help.

Leave a Reply

Your email address will not be published.