How the KRACK attack on wireless WPA security affects you.

This issue just hit the news today, on every single computer blog and forum in existence. It does affect you, even if you're only using Wi-Fi in the nearest coffee shop or library hotspot.

Here are some reputable links if you want the technical details:

Tech Crunch

Naked Security

PC Magazine

To translate, it is possible for a bad actor to intercept any communication between your Wi-Fi device and nearly any wireless access point or hot-spot. You should act accordingly.  The researchers who found this apparently didn't give any heads-up to the device manufacturers, they just released full details of how the vulnerability works and how to duplicate their attack, and you can bet that there are people world wide who are using this attack as you read this. Believe me, anybody can do this and it takes very little technical skill, but they must be within range of your Wi-Fi router.

The organization is the central point to review the management of vulnerabilities, and they have documented ten separate issues with the overall KRACK vulnerability which must be fixed. That is not going to happen overnight.

Here's what you should do, pending the release of firmware and software fixes.

  • If you have a Wi-Fi access point (AP) or hotspot in your business, isolate it from your internal LAN.
  • Turn off the wireless radio in the AP if it can't be isolated.
  • If you are accepting credit cards and are expected to by PCI-DSS compliant, unplug or disable the Wi-Fi, no exceptions.
  • Check for updates on a regular basis until you have a patch that is known to prevent this exploit.

The common protocol for researchers who do this type of work is to privately give notice of the vulnerability they've discovered and how to duplicate it. There are established channels to do this. Then the software and hardware manufacturers have adequate time to develop, test and distribute a fix. For most vendors, this was done on August 28, 2017 but fixing ten vulnerabilities is a lengthy process.

Call or contact us if you need help with this issue.