A serious weakness in Wi-Fi’s WPA2 security protocol makes it possible for attackers to eavesdrop on your data when you connect to a wireless network. The vulnerability, discovered by Mathy Vanhoef, a computer security researcher, allows an attacker within range of a victim to exploit this weakness using key reinstallation attacks (“KRACKs”) to read information that was previously assumed to be safely encrypted.

— IF YOUR DEVICE SUPPORTS WI-FI THEN IT IS LIKELY AFFECTED BY THIS VULNERABILITY —

A KRACK attack targets the third phase of a four-way authentication “handshake” performed when your Wi-Fi-enabled device attempts to connect to a WPA2-protected wireless network. The encryption key can be resent multiple times during this phase, and if attackers collect and replay those retransmissions in particular ways, the WPA2 security encryption can be compromised.
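The following sketch is an added example, not part of the original article or any vendor's code. It models why accepting a repeated handshake message 3 matters and what a patched client does differently. The `Client` class, the sample key and the hash-based keystream are constructed stand-ins, not the real WPA2 cipher.

```python
import hashlib

def keystream(key, nonce, length):
    # Stand-in for the real cipher: output depends only on (key, nonce).
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + bytes([block]) + nonce.to_bytes(8, "big")).digest()
        block += 1
    return out[:length]

class Client:
    """Constructed toy model of a client handling handshake message 3."""
    def __init__(self, patched):
        self.patched = patched
        self.key = None
        self.packet_number = 0  # nonce; must never repeat under one key

    def on_message3(self, key):
        # Patched behaviour: a key that is already installed is not reinstalled.
        if self.patched and key == self.key:
            return
        # Unpatched behaviour: every copy of message 3 installs the key again
        # and resets the packet number to its starting value.
        self.key = key
        self.packet_number = 0

    def send(self, plaintext):
        self.packet_number += 1
        ks = keystream(self.key, self.packet_number, len(plaintext))
        return self.packet_number, bytes(p ^ k for p, k in zip(plaintext, ks))

def reused_nonces(patched):
    """Return the packet numbers used more than once under the same key."""
    client = Client(patched)
    key = b"constructed-session-key"      # sample value, not a real key
    client.on_message3(key)               # first copy of message 3
    frames = [client.send(b"frame one"), client.send(b"frame two")]
    client.on_message3(key)               # retransmitted copy of message 3
    frames.append(client.send(b"frame three"))
    seen, reused = set(), []
    for nonce, _ciphertext in frames:
        if nonce in seen:
            reused.append(nonce)
        seen.add(nonce)
    return reused

if __name__ == "__main__":
    print("unpatched:", reused_nonces(False))  # [1]
    print("patched:  ", reused_nonces(True))   # []
```

A repeated packet number under the same key means two frames were encrypted with the same keystream, which is the condition the vendor patches remove.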

The United States Computer Emergency Readiness Team (CERT) issued this warning as part of its vulnerability note (228519) regarding key reinstallation attacks: “Impacts may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.” HTTP content injection means the attacker could sneak code into the websites you’re viewing to infect your device with ransomware or malware.

AS STATED IN THE “HITCHHIKER’S GUIDE TO THE GALAXY” — DON’T PANIC!

As per the above, in order for your business network and devices to be compromised, the attacker has to be in range to perform the attack. While this fact alone limits your exposure to the exploit, you should still be diligent and take the necessary precautions to protect your business and devices from the potential of being compromised.

Vendors that have vulnerable hardware and/or software are working diligently to release patches that address this exploit technique — however, some patches are weeks out from being released to the public. As examples, Apple has a patch that is only available through beta and developer channels but has announced that the fix will be available “within weeks” to the general public. Google has announced that they will have a software update for their Android OS available on November 6. Companies such as Microsoft and Ubiquiti have already released updates that patch this exploit.

PROTECTING YOUR BUSINESS AND DEVICES IS SIMPLE…

At this point, all that is required to keep your sensitive and confidential information safe is a little knowledge and understanding of where and how you and/or your business is still susceptible to this exploit and then taking the necessary precautions.

First, refrain from using any public Wi-Fi or hotspots with your phone, tablet or laptop for any sort of communication where sensitive or confidential information is involved (e.g. internet banking, business email with sensitive attachments, etc.). Disconnect from the public Wi-Fi or hotspot and use your cellular network (if available) for performing those tasks as the cellular network is not vulnerable to KRACK.

If you are travelling abroad and need to connect over Wi-Fi, then use a VPN or remote desktop solution. This adds a layer of security and encryption that can’t be compromised via the KRACK exploit.

While vendors work on delivering patches to address this vulnerability, you can limit your business’s exposure by ensuring all insecure devices connect via your “guest” network, which limits connected devices to Internet access only (no business resources, i.e. servers, data storage, etc.). Also, educate your staff to refrain from using any application that may expose sensitive and/or confidential information until their devices are appropriately patched.

CONSIDER A DIFFERENT OPTION FOR OFFERING FREE WI-FI

628 Media, an Ottawa-based company, offers a Social Wi-Fi Marketing Platform that will simplify and automate your on-premise marketing, expand your client list with real email addresses and engage customers through social media (likes, check-ins and social connections) while creating a clear, safe separation from your internal Wi-Fi network. Your marketing can include ads, coupons, discounts, promotions, Google/Facebook re-marketing, customer visit tracking and more. If you would like to find out how it works and what this can mean for your business, just reach out to 628 Media and have a conversation with them at 1 (855) 901-3039 or online at wifi.628media.com.

SEEK PROFESSIONAL ASSISTANCE

If you are unsure whether or not your Wi-Fi infrastructure is vulnerable to this exploit — contact us. Codemark Corporation can review and assess your Wi-Fi infrastructure to identify which devices are vulnerable to the KRACK exploit. We will then coordinate with your Wi-Fi vendors to obtain patches for your affected devices and apply them in a timely manner to mitigate your exposure.

KRACK REMEDIATION FOR A FLAT-FEE

Complete the Contact Us form on the right to request our flat-fee KRACK remediation service.
— ONLY $199 CAD* —
* limited time offer — valid for Ottawa-Gatineau and surrounding businesses; offer expires October 27, 2017 and excludes any applicable taxes; service includes review/assessment of Wi-Fi infrastructure and patching of all Wi-Fi access points and any associated Microsoft Windows®-based management software.
