A massive and widespread vulnerability has been uncovered that can impact any device that uses Wi-Fi. This new cyber threat has been dubbed KRACK, and it allows hackers to decrypt and view the network and Internet traffic of a targeted user and gives them the ability to steal sensitive data like credit card numbers and passwords.
KRACK works by tricking wireless devices (laptops, phones, mobile devices, etc.) into using an already-used and “known” encryption key so that the attacker can decrypt and view traffic that is sent over a “secure” wireless network. It does this by exploiting a recently discovered vulnerability in the WPA2 (Wi-Fi Protected Access 2) protocol. WPA2 is the protocol that is used by nearly every modern secure Wi-Fi network. Once the encryption has been “broken”, not only can a hacker spy on your web traffic and help themselves to personal information, but they can also inject ransomware and other malware into websites.
Note: This impacts wireless devices using Wi-Fi, not a workstation or laptop that is using a wired Ethernet connection.
The key to protecting against KRACK attacks on a wireless network is to not rely on the encryption built into the wireless network. Instead, use only SSL-encrypted websites (look for a green lock and the word “Secure” on the left-hand side of the address bar when you load a website, and for a website address beginning with https:// not http://), or use a VPN.
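Why a reused key exposes plain HTTP but not HTTPS traffic, shown as an added illustration that is not part of the original post: reinstalling a key restarts the per-frame nonce counter, so two frames end up encrypted with the same keystream. The SHA-256 keystream is a toy stand-in for WPA2's real cipher and for TLS, and every name and sample frame here is constructed for the example.

```python
import hashlib
import os

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); a stand-in for WPA2's cipher."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: int, data: bytes) -> bytes:
    """Stream encryption: data XOR keystream(key, nonce). Decryption is identical."""
    return xor(data, keystream(key, nonce, len(data)))

def recover(c_known: bytes, p_known: bytes, c_target: bytes) -> bytes:
    """What an eavesdropper learns when two frames share one key and nonce."""
    leaked_keystream = xor(c_known, p_known)
    return xor(c_target, leaked_keystream)

# Constructed sample frames (not real captures).
KNOWN_FRAME = b"constructed frame with predictable contents " + b"." * 40
HTTP_FORM = b"POST /login user=alice&password=constructed-secret"

def demo():
    wifi_key = os.urandom(16)
    c_known = encrypt(wifi_key, 1, KNOWN_FRAME)
    # Key reinstalled: the nonce counter restarts, so nonce 1 is used again.
    c_http = encrypt(wifi_key, 1, HTTP_FORM)
    # Same form sent over HTTPS: encrypted end to end before Wi-Fi sees it.
    tls_record = encrypt(os.urandom(16), 1, HTTP_FORM)  # stand-in for TLS
    c_https = encrypt(wifi_key, 1, tls_record)
    return (recover(c_known, KNOWN_FRAME, c_http),
            recover(c_known, KNOWN_FRAME, c_https),
            tls_record)

if __name__ == "__main__":
    http_seen, https_seen, _ = demo()
    print("plain HTTP over reused key:", http_seen)
    print("HTTPS over reused key:     ", https_seen.hex())
```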
We are monitoring developments related to this hack to minimize risk to our clients. Microsoft has already released patches to defend against this vulnerability, and these updates have already been applied to our managed service clients. Additionally, defenses for our Wi-Fi clients were deployed shortly after the vulnerability was discovered. These measures ensure that Insight’s clients are well on their way to defeating this latest wave of illegal hacking.
If you have any questions or want more information about the steps you can take to protect yourself and your business against KRACK, email us at firstname.lastname@example.org or call (800) 279-4796.