
Wifi Security Flaw Detected that Leaves Devices Vulnerable – Patch Your Wifi Soon


“All Your Wifi Connected Devices Are Potentially Vulnerable”

That’s the conclusion from James Walker, MD of Computer One, after reviewing international research that also prompted the US Department of Homeland Security to issue an official warning.

What’s the story? Well, a wifi security flaw has been discovered and it’s serious. The flaw could be used to hack into any device that uses Wifi, including phones, computers, PlayStations, smart fridges and a multitude of other devices.

The Wifi flaw, which is being referred to as ‘key reinstallation attacks’ (or KRACKs), was discovered by Belgian researcher Mathy Vanhoef in July 2017. Vanhoef found a method for breaking WPA2 (Wifi Protected Access II), which is the security protocol used by the vast majority of routers and devices to secure internet connections.

What Are KRACKs?

This Wifi security flaw could allow someone to access your device through a password-protected Wifi network. Hackers could do this to any Wifi access point that they were physically near. In more specific terms, the attack manipulates and replays cryptographic handshake messages in the four-way handshake that is used when you attempt to connect to a protected Wifi network.
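The replay described above can be pictured with a simplified model, added here as an illustration and not taken from the original article or from any vendor's code. In the published KRACK research, a replayed handshake message 3 makes an unpatched client reinstall a key it is already using and reset its per-frame counter, and the patch is to ignore the reinstall; the class, function and key names below are hypothetical.

```python
from collections import Counter

SESSION_KEY = b"constructed-session-key"  # constructed sample value


class Supplicant:
    """Toy Wifi client; models only the key-install step of the handshake."""

    def __init__(self, patched):
        self.patched = patched
        self.installed_key = None
        self.packet_number = 0   # per-frame counter, must never repeat under one key
        self.used = []           # every (key, packet_number) used to encrypt a frame

    def on_message3(self, key):
        """Handle handshake message 3, which may be a replayed copy."""
        if self.patched and key == self.installed_key:
            return False         # fix: key already in use, keep the counter as it is
        self.installed_key = key
        self.packet_number = 0   # installing a key resets the counter
        return True

    def send_frame(self):
        self.packet_number += 1
        self.used.append((self.installed_key, self.packet_number))


def reused_counters(patched, frames=3):
    """Return the packet numbers that were used twice under the same key."""
    client = Supplicant(patched)
    client.on_message3(SESSION_KEY)      # genuine message 3
    for _ in range(frames):
        client.send_frame()
    client.on_message3(SESSION_KEY)      # replayed copy of message 3
    for _ in range(frames):
        client.send_frame()
    counts = Counter(client.used)
    return sorted(pn for (_, pn), n in counts.items() if n > 1)


if __name__ == "__main__":
    print("unpatched:", reused_counters(patched=False))
    print("patched:  ", reused_counters(patched=True))
```

A repeated counter under the same key is what lets supposedly encrypted traffic be recovered, and it happens without the Wifi password ever being known, which is why the fix is a software patch and not a password change.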

What Could This Mean for You?

KRACKs could be used to steal a wide range of information, even information that is supposedly encrypted. Examples include:

  • Passwords
  • Credit card details
  • Emails
  • Photos
  • Chat messages

Depending on your network configuration, a hacker could also use this flaw to manipulate and inject data. For example, a hacker could potentially inject ransomware or other malware into websites.

Are KRACKs Malicious?

So far, it is unknown whether KRACKs have been used by hackers with malicious intent. One reassuring factor is that anyone exploiting this flaw would need to be in range of your Wifi router – Wifi connections cannot be hacked remotely. This means that we are not likely to see hacks unfold on the scale of WannaCry, which was one of the biggest ransomware outbreaks in history.

Doctor’s Orders: Patch, Check and Run

First things first: changing your Wifi password won’t make any difference, as KRACKs don’t require password access. Here are some things you can do to protect your online information:

Update Your Devices with the KRACK Patch

In most devices, this flaw can be ‘patched’ with a software update. A patch is a piece of software that is designed to update a computer program (or its supporting data) and fix security vulnerabilities. According to CNET, Microsoft has already released a patch for Windows that fixes the flaw, and Apple and Google will roll out an update in a few weeks’ time.

To protect your online safety, make sure that you stay up to date with any patches on your devices that use Wifi, as well as the routers themselves. Computer One clients can rest assured that Computer One will apply patches as they become available and as we test them for their efficacy. You should also stay tuned for updates as more information and solutions unfold.

Check Your Router

Your router’s firmware will also need updating. To find out the solution for your router, we recommend that you call your router supplier and ask which measures you can take to protect your Wifi connection (Computer One clients do not need to take this step).

Here’s a list of some of the router makers that have already put out fixes (including Ubiquiti, Meraki, FortiNet and more).

Run from Public Wifi as Though It Has the Plague

Regardless of whether a public Wifi access point has been patched for this particular vulnerability, there are a thousand reasons not to use public Wifi unless it’s the absolute last option. We recently returned from a tradeshow where we demonstrated how we could hack a network with a pineapple – it’s that easy.

Contact Computer One

If you have questions about how to protect your network, don’t hesitate to contact us on 1300 667 871.
