Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT
Monday, 16 October 2017 / Published in Woo on Tech

Special Bulletin: Critical Vulnerability Found in Core Wi-Fi Protocol

Researchers released findings today on a critical vulnerability in the way devices using WiFi authenticate themselves with WiFi access points and routers. The exploit that takes advantage of this vulnerability is known as a Key Reinstallation AttaCK, or “KRACK” for short. Unfortunately for all of us, this vulnerability is actually found in a core protocol that is used just about everywhere, especially public WiFi hotspots.

DO NOT USE PUBLIC WIFI WHEN WORKING WITH SENSITIVE DATA

This has always been our advice to everyone – public WiFi networks are inherently insecure because it is impossible to control who is using the network, but this vulnerability adds to the growing pile of reasons to avoid using public WiFi unless you have no other alternative. Your office and home networks are only slightly more secure in that you have a marginal amount of control over who has physical access to the network, just by virtue of signal strength versus controlled space, but WiFi does travel through walls and over fence lines, so it’s still possible someone could be physically close enough to exploit this flaw without you ever seeing them.

Websites and applications that communicate via HTTPS and the use of a VPN will protect you from snooping, but won’t prevent someone from actually piggy-backing onto your data connection and sniffing all the unencrypted traffic, which can include many mobile apps and regular websites that don’t use HTTPS. For much better security, wired networks are still superior and are completely unaffected by this particular flaw.

The (somewhat) Good News:
  • This exploit has not yet been seen in the wild, and it does rely on someone being physically close enough to you to start the attack.
  • In any instance when either the provider or receiver are patched to fix this loophole, this exploit will not work.
The devices that are vulnerable to this flaw:
  • Android 6.0 devices and newer, which are just about all current and previous generation phones and tablets.
  • Any routers or firewalls with built-in WiFi
  • Just about all consumer-grade WiFi access points
  • Unpatched computers with WiFi capabilities
  • Home automation devices that rely on WiFi for control (Nest thermostats, Ring doorbells, etc.)
  • WiFi connected cameras

It may be days or even weeks before this vulnerability is patched on mobile devices, and in the case of some older phones and tablets, this vulnerability may never be patched if the manufacturer has abandoned support for that particular model. Windows 10, 8 and 7 have already been patched. Apple has a patch in beta right now for most of its late model devices and OS X, and most variants of Linux are already distributing patches for this hole. Firmware updates for higher-end, late-model routers and access points are likely to happen, but it will vary greatly by manufacturer and age of device, and it’s still too soon to tell when or if automation and security devices will be patched.

Image Courtesy of Stuart Miles at FreeDigitalPhotos.net

  • Tweet

What you can read next

The Final Countdown for Windows 7
Windows 10 Countdown
Biohazard
Is the Internet becoming polluted?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...
  • The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    I have had this conversation more times than I ...
  • Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote work is no longer a temporary arrangemen...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP