<![CDATA[On October 16, 2017, experts at the Katholieke Universiteit (KU) Leuven, Belgium, announced their findings to the public regarding the news of an unprecedented WiFi vulnerability, known as Krack, or Key Reinstallation Attacks. They revealed how the WPA and WPA2 standard encryption used across almost all Wi-Fi devices can be exploited to read messages, banking information, credit card numbers, sensitive data, emails, photos, and data that is supposed to be safely encrypted. According to the researchers who discovered the weakness, the vast majority of Wi-Fi connections have been broken and thus potentially expose wireless internet traffic to malicious eavesdroppers and attacks. Simply put, these Krack attacks mean that most encrypted Wi-Fi networks are not as secure as you think.
Potential Impact for Clients
All users should be overly cautious when connecting to public Wi-Fi as it is the most vulnerable since it already has weaker security. While the chances that a specific business will be targeted are slim, every Wi-Fi should basically be treated as insecure.
If using public Wi-Fi, stay away from any personal or business activities such as banking, business software, CRM, patient management software, or Medical EMR applications.
Businesses should stay away from accessing any sites that contain PII or PHI as it could be at risk unless using a secure VPN. Consider using a VPN or Virtual Private Network, which means that all your network traffic (not just your web browsing) is encrypted, from your laptop or mobile device to your home or work network, even if it travels over an unencrypted connection along the way
The US Department of Homeland Security has reported that someone using this vulnerability would need to be in range of your Wi-Fi network to exploit it.
Spectra Networks is aware of the issue and actively monitoring the situation. For our contract clients we will automatically be rolling out patches and firmware updates as vendors release them.
The Krack vulnerability appears that it can be fixed with a software update on most devices. In fact, Microsoft has already released a patch for Windows that fixes the flaw and Apple will roll out an update in a few weeks that does the same. Patches can be installed at the OS level such as Microsoft and Apple and at the device level for things such as Firewalls with Wifi or Wireless Access Points.
For Spectra Network’s non-contract clients, we will be reaching out to everyone and offering assistance to patch their OS’s and wireless equipment as soon as patches and firmware are released.
Our aim here at Spectra Networks is not to scare our clients, but rather to inform them. We will stay on top of this situation and be in touch with our clients. If you have questions or would like to discuss what this means for your business email [email protected] or call 978.219.9752 option 2.]]>