For those who are not familiar with the Irish slang, read this. We got another fun named vulnerability this week that goes after WPA2 encryption, something that is ubiquitous but not impenetrable. Key Reinstallation Attacks, or KRACK for short, exposes a weakness in the WPA2 protocol. It’s an attack on the protocol itself, so anything that is unpatched and properly implemented to the Wi-Fi and WPA2 standard is vulnerable. Patches are already well on their way to being released and deployed.
But this problem is going to stick around for a long time like Shellshock and Heartbleed. Many Wi-Fi hotspots are running outdated firmware that cannot be upgraded in some cases. Just like Shellshock and Heartbleed, the only way to fix the vulnerability in those devices is to rip and replace the actual hardware.
What can you do?
First, upgrade the firmware for your home Wi-Fi access point(s). You need to check with the vendor to see how to do this, and if they have released something. Ubiquiti released their new firmware to address the issue this week. You should patch and deploy ASAP to protect your home and business. If you are running an old Wi-Fi access point, or if your Wi-Fi is given to you by your internet service provider, you may need to consider replacing it with something more modern.
In addition, any of your endpoints such as laptops, tablets, and phones must be patched to protect against this attack. Watch for updates from your vendors to fix this issue. If you are an Apple guy, they report this has already been patched in betas available today, which means that we should see a patch for endpoints soon.
But you as a user are in real trouble. This is not something you can control the fix of, and frankly, because the fix is backward-compatible, you won’t know if the Wi-Fi network you are connecting to is patched or not. Even if your device is patched, you are still vulnerable to the attack if the network you connect to is not patched.
For this reason, you should consider using a VPN anytime you are away from trusted networks. They are really easy to buy and put on your laptops, phones, or tablets, and most are really cheap. Here’s a guide from PC Mag on some popular services and their features. Wi-Fi should not be trusted when it’s open or when it’s encrypted at this point. Most modern apps and websites will protect you on unprotected networks, but getting out of a hostile environment before using those apps and websites is a good way to bypass this flaw.
This is a Security Bloggers Network syndicated blog post authored by Branden Williams. Read the original post at: Branden R. Williams, Business Security Specialist