topic WiFi is now cracked / hacked / broken - What can be done to protect ourselves? in Industry News

WiFi is now cracked / hacked / broken - What can be done to protect ourselves?

James — Mon, 16 Oct 2017 17:41:49 GMT

Unless we've all been hiding under a rock this morning, word has spread quite quickly that KRAck, a new vulnerability with WiFi WPA2, where the attack vector can zero out the encryption due to multiple request of the key exchange. If your CEO or a friend on the street approaches you as a cyber security expert, what would you say?

From POV - use a VPN when on WiFi to protect yourself to start. Even with trusted WiFi connections, there is the opportunity for someone to exploit your WiFi on your system to see the traffic. Add another layer of encryption with a VPN - corporate or personal.

For those who have been under a rock and not learned about KRACK, here is some additional info: https://arstechnica.com/information-technology/2017/10/how-the-krack-attack-destroys-nearly-all-wi-fi-security/

Re: WiFi is now cracked / hacked / broken - What can be done to protect ourselves?

Kaity — Mon, 16 Oct 2017 20:13:31 GMT

What a crazy day it's been!

(ISC)²'s Director of Cybersecurity Advocacy, John McCumber, had a few thoughts on this subject - you can check them out on the blog today.

Re: WiFi is now cracked / hacked / broken - What can be done to protect ourselves?

John — Mon, 16 Oct 2017 20:59:40 GMT

The researchers who discovered it have a very nice site at https://www.krackattacks.com/

Basically, only Android and Linux are affected, as all the other OS builders don't conform to the standard. Most enterprise-class Wifi manufacturers already have a fix out. If they don't, maybe that's a pretty good indicator to shop for a new vendor. Otherwise, end-to-end encryption is probably the safest bet for now.

Honestly, I never trust WPA2 security, mostly because people never bother to set decent passwords, so I encrypt all my traffic with a VPN.

Re: WiFi is now cracked / hacked / broken - What can be done to protect ourselves?

esl-gareth — Tue, 17 Oct 2017 11:09:16 GMT

I don't think it's Android and Linux alone, Windows received a fix as part of last weeks patch tuesday, I was also reading today Apple devices not on the last beta are also affected as this has only been patched sometime between the vendor notice date (CERT/CC's broad note 28th Aug 2017).

I totally agree however on the need to keep check on vendors timeliness on providing patches. Apples resolution for instance is only presently fixed in beta so unless they push out 11.1 or 11.0.4 you are likely vulnerable.

This also raises the question of "how far back will they fix this?". Both Android and iOS alike have the legacy support issue. then of course we have IoT devices....