KRACK Wi-Fi Vulnerability
Yesterday morning, news sites broke out stories about the new KRACK vulnerability affecting wide-spread Wi-Fi security protocol WPA2. This underlying protocol has a design flaw that may allow attackers to decrypt traffic between computers and wireless access points.
While this is a serious issue that will need to be addressed by software vendors, we wanted to make sure you understand how this vulnerability may affect you and your business and what to do to mitigate the risks. This vulnerability may get blown out of proportion in the media and we want to inform you on the factual impact.
In short, if successfully exploited, the flaw will allow an attacker to snoop at the traffic between your device and the wireless router. The exposure is roughly the same as connecting to an unsecured network at a fast food restaurant for example. Here are some points that reduce the apparent risk this vulnerability may pose:
- The attacker must be physically present in the vicinity of the Wi-Fi router. This cannot be exploited remotely from other countries. Such local attacks are significantly more rare.
- Exploit code is not yet publicly available and the researcher who discovered it admitted that exploitation will prove difficult in most cases.
Moreover, even if the attacker is able to exploit this vulnerability, there is one important measure that will significantly limit the exposure for the individual:
Always assume that underlying networks can be compromised and do not rely on their security alone, be that Wi-Fi, cellular or wired networks. Always use care to enter credentials only into SSL versions of web sites (https) or use VPN to connect to your work environment.
If you are a manager of a company who uses Wi-Fi to allow access to the sensitive resources on the internal network, you may need to rethink things in the future. While WPA2 protocol has been largely trouble free for over a decade, Wi-Fi is still a radio, and unauthorized access may occur. If you have questions or want to know how to deploy your wireless networks without the risk of exposure, please reach out to our security experts.