Krack (Key Reinstallation Attack)
As you may have heard in news media, a serious weakness in the WiFi Security WPA2 protocol has been identified. This may allow attackers within range of vulnerable WiFi devices or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.
• The exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated distribution of updates and patches for vulnerable hardware.
• Updates are required for almost every WiFi capable device in the world.
• We would recommend not using WiFi devices to access your banking or enter credit card details online until you are satisfied that you have updated or patched both the WiFi access-point and your laptop/phone. If possible, use cellular or ethernet connections.
• If you own your own electronic devices, be it laptops, cell phones or any other WiFi capable device, you will need to make sure they have the latest updates or patches applied to them to prevent being at risk from this newly discovered vulnerability.
• To find an update or patch for a laptop, make sure you have automated updates enabled under Windows or macOS or go to the control panel and run the updates manually.
• To find an update or patch for a modem, router or access-point go the manufacturers website and look for Support or Downloads and identify a recently released update or patch that covers this recently disclosed vulnerability, and follow the installation instructions.
• To patch or update an Android or iOS cellphone, go to the settings and make sure automated updates are enabled, vendors are working on updates due to be released November 6th 2017.
• If you have a Mikrotik Wireless Access Point supplied by TPNET then we will be able to help patch that device remotely. One of our team will be in touch over the next few days, we may be able patch the device while you are at work to make it easy. Please note, you will still need to make sure your personal electronic devices; be it laptops, cell phones or any other WiFi capable device, have the latest updates or patches applied to them to prevent being at risk from this newly discovered vulnerability.
If you have any questions please call us on 543 9094 and we will help where we can.