The KRACK Wi-Fi Hack: Protect Yourself and Your Business

Over the past few weeks, Microsoft, Apple, Google and other technology companies have been rushing to address issues related to the KRACK Wi-Fi security vulnerability, which puts any person using wireless internet at risk of being hacked. Are you protected?

KRACK—which stands for Key Reinstallation Attack discovered by security researcher Mathy Vanhoef, could give attackers access to a user’s credit card details, passwords, emails, messages, photos and other personal data. The security threat affects WPA2 Wi-Fi by getting users to reinstall a key already in use, allowing hackers to exploit the network, if they are within range.

October 31, Apple released iOS 11.1, the first major update to iOS 11 since its release in September, which along with updates and fixes, included a patch for the KRACK Wi-Fi hack vulnerability. As of November 6, all Google Nexus and Pixel devices now have patches for the WPA2 KRACK vulnerability. Google also announced it has fixed a “critical security vulnerability” that was found within the Media framework for Android.

This follows security updates released on October 19 by Microsoft. Customers who have their updates automatically enabled are already protected. If you haven’t already updated your devices, now is a good time to do so.

Technology companies acknowledged problems with the WPA2 encryption used on all modern Wi-Fi routers. “This is not a new hack, it’s always been a flaw that’s been there, but people didn’t know about it,” says Joshua Alexander, Sprout’s technical director. “Small businesses in particular are usually under-protected and look at security as a reactive rather than a proactive step.”

Alexander explains that anytime there is an unprotected Wi-Fi network, which lacks strong passwords, opportunities for hacks are created. This includes hackers running up charges on your network and illegal activities, which will come back to your firm’s IP address. “This particular security bug was a much more open vulnerability than what has existed in the past in regards to Wi-Fi security,” says Alexander. “This one required very little skill by a hacker.”

 
Security: Protect Your Business

Anyone who has installed updates for new patches, new releases and has increased their security and replaced access with strong passwords is better protected. Avoiding public Wi-Fi networks and websites that don’t use the secure HTTPS protocol is also good start. Small businesses also need to manage their security with diligence including router patches and settings. Any available security updates should also be installed to devices and routers to best protect users from the KRACK security bug.

“Make sure your customers use a separate network from your business network which should be private, including your extranet,” says Alexander. “Use strong passwords not your favourite sports teams or the word admin or password, which surprisingly is often used.”

Alexander also cautions that all software and equipment should be up to date. “There’s a lot of older equipment out there like outdated routers that don’t have the same level of security of newer models and other related equipment. The same applies to mobile devices with outdated software.”

The Threat of The Internet of Things – Security is An Issue

Any device connected to the Internet is also putting your network at risk. For example if your break room has a coffeemaker or a fridge that is connected to the Wi-Fi these are vulnerabilities that also have to be taken into consideration.

There is a website that is an Internet of Things search engine. Anyone can search anything that is connected to the Internet – ATMs, video games, coffee makers, fridges. “If it’s connected to the Internet it has to have security. If you are connecting your office lights or coffee machine to the Internet then that can affect the web security in your office. Once on the Wi-Fi network anything can be tapped,” warns Alexander.

For more information about protecting your devices, website and your business, please contact info@sproutcommunications.ca