Back in October, a team of Belgian researchers released details about a wireless networking vulnerability dubbed KRACK (short for Key Reinstallation attACK). The vulnerability applies to all modern wireless networks using the WPA2 security protocol, regardless of how complex your WiFi security key is.
Any attacker within range of your wireless network can exploit the vulnerability to gain access to data being transmitted between the local router and any connected device. In other words, the exploit effectively turns previously secured networks into unsecured public networks, thereby allowing hackers to access potentially sensitive information or even inject malicious code into the data being transmitted.
What makes the KRACK attack so dangerous is that it exploits a weakness in the current wireless security standard itself, which is used by all modern WiFi networks. The flaw is not specific to individual products; it applies regardless of implementation. In other words, if you have yet to make the changes necessary to safeguard your network, then it is most likely still vulnerable to an attack.
Update Your Router’s Firmware
The first and most important step is to update your router’s firmware. Most manufacturers have already released firmware updates for products that are still within their support lifecycles. However, most broadband routers are provided and branded by internet service providers, in which case you will need to ask your ISP for an update. If they don’t have one available, they should be able to provide a new router.
Install All Available Security Patches
One of the most important things to remember when protecting your network from the KRACK exploit is that all wireless devices need to be updated. This is because KRACK exploits vulnerabilities in the wireless communication protocol itself, rather than just routers and endpoints.
You should update all wireless devices, including those you would normally use a wired connection with. This way, you can be sure that there are no vulnerable devices left in your network. Laptops, phones, tablets and desktops with WiFi cards installed should ideally be configured to download and install security updates automatically. In the case of Windows 10, for example, security updates can’t be disabled anyway, so long as the device is connected to the internet.
Update Internet-of-Things Devices
Making matters even more complicated is the fact that many businesses also have an increasing number of other internet-connected devices, such as security systems and other specialized IoT ‘smart’ devices. You’ll also need to ensure that these are updated and protected specifically from the KRACK exploit.
If there isn’t any update available for a specific device, you should seriously consider disconnecting it from the network. This is especially important in the case of wireless security systems, such as video surveillance cameras, which could otherwise become accessible to hackers.
Given the terrible security reputation of IoT, you should make sure to audit your collection of connected devices, and consider getting rid of any devices that are not regularly patched and supported by their manufacturers.
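The update and audit steps above can be turned into a repeatable inventory check. The following is an added example, not part of the original article; the CSV columns, device names and action labels are constructed assumptions that encode the article's advice (update, ask the ISP, or disconnect).

```python
import csv
import io

# Constructed sample inventory (not real devices). Column names are assumptions:
#   wifi_capable     - has a WiFi radio, even if the device is normally cabled
#   krack_patched    - the vendor's KRACK fix is already installed
#   update_available - a fix exists but has not been installed yet
#   isp_supplied     - the device is provided and branded by the ISP
SAMPLE_INVENTORY = """name,kind,wifi_capable,krack_patched,update_available,isp_supplied
office-router,router,yes,no,no,yes
front-desk-pc,desktop,yes,no,yes,no
sales-laptop,laptop,yes,yes,no,no
lobby-camera,iot,yes,no,no,no
file-server,server,no,no,no,no
"""

def is_yes(device, key):
    """Interpret a yes/no inventory cell, tolerating case and whitespace."""
    return device[key].strip().lower() == "yes"

def triage(device):
    """Return the action the article recommends for one inventory row."""
    if not is_yes(device, "wifi_capable"):
        return "no action: no WiFi radio"
    if is_yes(device, "krack_patched"):
        return "ok: patched"
    if is_yes(device, "update_available"):
        return "install update"
    if device["kind"] == "router" and is_yes(device, "isp_supplied"):
        return "ask ISP for update or new router"
    # No fix exists: the article advises taking the device off the network.
    return "disconnect or replace"

def audit(inventory_csv):
    """Map each device name to its recommended action."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["name"]: triage(row) for row in rows}

def unresolved(results):
    """Sorted names of devices that still leave the network exposed."""
    done = ("ok", "no action")
    return sorted(n for n, a in results.items() if not a.startswith(done))

if __name__ == "__main__":
    results = audit(SAMPLE_INVENTORY)
    for name, action in results.items():
        print(f"{name:15} {action}")
    print("still exposed:", ", ".join(unresolved(results)))
```

Note that the desktop is flagged even though it is normally cabled, because it has a WiFi card installed.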
Encrypt All Web Traffic
Another way to protect data during its journey between an internet-connected device and the local router is to encrypt it. This way, even if a hacker does gain access to data in transit, it will be useless to them. Encrypting web traffic also makes it safer to connect to the internet over unsecured public WiFi connections.
You can connect via a virtual private network (VPN) to ensure that all traffic is encrypted. Ideally, businesses should always use a VPN, particularly in the case of mobile devices that might be used for work at home or elsewhere. However, that doesn’t mean that connecting through a VPN is always safe. Be sure to choose a reputable service provider that offers enterprise-grade security and an impeccable track record with regard to performance, uptime and reliability.
Dyrand offers the full range of managed services to help businesses in Vancouver stay safe from the increasing multitude of cyberthreats. If you’re looking for 24/7/365 support and cutting-edge technology, talk with one of our experts today.