Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: info@c2techs.net

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Onsite Support
    • Encryption
    • Backups
  • ABOUT
    • Privacy Policy
FREECONSULT
Monday, 16 October 2017 / Published in Woo on Tech

Special Bulletin: Critical Vulnerability Found in Core Wi-Fi Protocol

Researchers released findings today on a critical vulnerability in the way devices using WiFi authenticate themselves with WiFi access points and routers. The exploit that takes advantage of this vulnerability is known as a Key Reinstallation AttaCK, or “KRACK” for short. Unfortunately for all of us, this vulnerability is actually found in a core protocol that is used just about everywhere, especially public WiFi hotspots.

DO NOT USE PUBLIC WIFI WHEN WORKING WITH SENSITIVE DATA

This has always been our advice to everyone – public WiFi networks are inherently insecure because it is impossible to control who is using the network, but this vulnerability adds to the growing pile of reasons to avoid using public WiFi unless you have no other alternative. Your office and home networks are only slightly more secure in that you have a marginal amount of control over who has physical access to the network, just by virtue of signal strength versus controlled space, but WiFi does travel through walls and over fence lines, so it’s still possible someone could be physically close enough to exploit this flaw without you ever seeing them.

Websites and applications that communicate via HTTPS and the use of a VPN will protect you from snooping, but won’t prevent someone from actually piggy-backing onto your data connection and sniffing all the unencrypted traffic, which can include many mobile apps and regular websites that don’t use HTTPS. For much better security, wired networks are still superior and are completely unaffected by this particular flaw.

The (somewhat) Good News:
  • This exploit has not yet been seen in the wild, and it does rely on someone being physically close enough to you to start the attack.
  • In any instance when either the provider or receiver are patched to fix this loophole, this exploit will not work.
The devices that are vulnerable to this flaw:
  • Android 6.0 devices and newer, which are just about all current and previous generation phones and tablets.
  • Any routers or firewalls with built-in WiFi
  • Just about all consumer-grade WiFi access points
  • Unpatched computers with WiFi capabilities
  • Home automation devices that rely on WiFi for control (Nest thermostats, Ring doorbells, etc.)
  • WiFi connected cameras

It may be days or even weeks before this vulnerability is patched on mobile devices, and in the case of some older phones and tablets, this vulnerability may never be patched if the manufacturer has abandoned support for that particular model. Windows 10, 8 and 7 have already been patched. Apple has a patch in beta right now for most of its late model devices and OS X, and most variants of Linux are already distributing patches for this hole. Firmware updates for higher-end, late-model routers and access points are likely to happen, but it will vary greatly by manufacturer and age of device, and it’s still too soon to tell when or if automation and security devices will be patched.

Image Courtesy of Stuart Miles at FreeDigitalPhotos.net

  • Tweet

What you can read next

Warning!
New ransomware encrypts entire disk
Old Accounts Can Come Back to Haunt You
Instagram Logo
Instagram can now use your content to make money

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Apple-logo.png

    New Malware hits 30k Macs

    Not even three months into Apple’s releas...
  • Biohazard warning

    Poor IT practices led to Florida utility hack

    Last week the sleepy Florida town of Oldsmar ma...
  • Facebook – Too little, too late?

    When working with people who are actively attem...
  • Things you should know as a WFH Pro

    While the past year has been no picnic for anyo...
  • Who Protects the Protectors?

    If you’ve used a computer – Windows...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP