A new wireless security vulnerability related to WPA2 encryption puts almost every WIFI device at risk for hijacking and eavesdropping. This was the major headline yesterday and we've been busy updating security on our managed clients.
Here's a great recap from our Senior Technology Advisor, Frits Riep, regarding what you need to know:
I wanted to update you on the latest information on this WIFI vulnerability and the history of the work done by security researchers and the industry to notify vendors of the risk and the information to date on the vendors responses. The bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way WIFI Protected Access II (WPA2) operates.
- Note that the vulnerability was discovered by security researchers prior to the public disclosure..
- US-CERT has known of the bug for some time and informed vendors ahead of the public disclosure to give them time to prepare patches and prevent the vulnerability from being exploited in the wild
- Public disclosure was at 8am EST, yesterday, Oct 17th.
- Ekaru’s go-to enterprise WIFIprovider, Ubiquiti, has already created a patch, notified Ekaru through our partner relationship, and Ekaru started deploying the patch to all of our managed services customers immediately.
- Please note, that at this time, Apple, Android phones, and most consumer WIFI equipment is currently vulnerable, so take appropriate precautions to upgrade or replace vulnerable devices.
- The only good news in this is that there are no known attacks on end-users so far, and that to be hacked the attacker must have equipment within WIFI range of the vulnerable devices.
- You may want to consider turning WIFI off on your mobile devices when in public locations and avoid WIFI hotspots until the vulnerabilities are patched.
- WPA2 security flaw puts almost every WIFI device at risk of hijack, eavesdropping.
- Here's every patch for KRACK WiFI vulnerabilty available right now
Technical article on the vulnerability (highly technical article:
As always, make sure your systems patches are fully up to date, and not just PC’s and servers these days!
If you have concerns, please email email@example.com, or call our main number 978-692-4200. Please share this post with colleagues and friends.