A major security flaw has been disclosed which has a massive worldwide impact.
Monday the 16th of October 2017 is being called “Black Monday” in many information security circles. A major Wi-Fi vulnerability has been announced that affects essentially every device that supports Wi-Fi. It allows an attacker within radio range to decrypt traffic on WPA2 networks. A second vulnerability also emerged today, and we will cover that at the end of this post.
The Wi-Fi vulnerability is being called “KRACK”, which is short for Key Reinstallation Attacks.
To be fair, wireless has never been super secure, and the advice for high-security environments has always been to simply not use wireless at all. However, this is significantly worse than we thought. I will try to be as non-technical as possible in this post.
I strongly recommend you spread the word to your friends, family and business contacts, due to the significance of this security risk.
WPA2 is the protocol that secures virtually all modern protected Wi-Fi networks, in your home and in your business.
Researchers at KU Leuven, a university in Flanders in Belgium, have discovered a way for an attacker within range of a Wi-Fi network to read information sent over it, even though WPA2 is supposed to encrypt that traffic.
Attackers can use this to steal sensitive information like credit card numbers, passwords, chat messages, emails, photos and more: pretty much anything transferred over the wireless network that is not separately encrypted. Connections protected end to end, such as HTTPS web sessions or a VPN, keep that extra layer of protection, but a great deal of everyday traffic has no such layer. The attack works against all modern protected Wi-Fi networks.
It does get worse: depending on the encryption mode the network uses, an attacker can also inject and manipulate data on the Wi-Fi network. That could mean slipping ransomware or other malware into a web page or download you were fetching, which could then encrypt your files and photos and damage your computer.
The weakness is in the Wi-Fi standard itself, in the handshake that installs the encryption key, and not in individual products or their implementations. That means that all products that correctly implement the WPA2 standard are affected. It also means that changing your Wi-Fi password does not help: the attack does not recover your password and does not depend on it.
If your device supports Wi-Fi, it is likely affected by this vulnerability.
Products that are known to be affected at this time include Android, Linux, Apple's iOS and macOS, Microsoft Windows, Linksys routers and more. Android 6.0 and later, and Linux systems using wpa_supplicant 2.4 and later, are hit hardest: they can be tricked into installing an all-zero encryption key, which makes their traffic trivial to decrypt. The list of affected vendors is enormous, and vendors including Amazon, Cisco and Netgear are scrambling to release patches to fix this issue.
BleepingComputer has compiled a running list of affected vendors, which will grow over time as more information about patches becomes available.
You can find out the technical details on the KRACK attack from the researchers themselves at krackattacks.com.
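For readers who want to see the mechanism rather than just the effect, here is a small added illustration (our own example code, not code from the original post or from the KU Leuven researchers) of why “key reinstallation” leads to decryption. WPA2 installs the session key when the client receives message 3 of the 4-way handshake; because the access point is allowed to retransmit that message, a client that naively re-installs the key also resets its packet counter, the number used as the nonce for encryption. An attacker who can hold back message 4 and replay message 3 therefore gets two frames encrypted with the same key and the same nonce, and XORing them cancels the keystream out. Everything below is constructed: the keystream is SHA-256 run in counter mode as a stand-in for the AES counter mode WPA2 actually uses, the two frames are made-up sample traffic, and the client is a toy state machine; the `patched` flag models the fix of refusing to install a key that is already installed.

```python
from __future__ import annotations

import hashlib

# Constructed sample traffic (not captured from a real network).
FRAME_1 = b"GET /index.html HTTP/1.1 Host: example.com"  # assume the attacker can guess this frame
FRAME_2 = b"user=alice&password=hunter2"                  # the frame the attacker wants to read


def keystream(ptk: bytes, packet_number: int, length: int) -> bytes:
    """Counter-mode keystream derived from (key, packet number).

    Stand-in for the AES counter mode inside CCMP: block i = SHA256(ptk || PN || i).
    What matters for the demo is that the same (ptk, PN) always gives the same keystream.
    """
    blocks = []
    counter = 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hashlib.sha256(ptk + packet_number.to_bytes(6, "big") + counter.to_bytes(4, "big")).digest())
        counter += 1
    return b"".join(blocks)[:length]


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings over their common length."""
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Minimal model of a Wi-Fi client's key-installation state."""

    def __init__(self, patched: bool) -> None:
        self.patched = patched
        self.ptk = None            # pairwise session key, installed on handshake message 3
        self.packet_number = 0     # CCMP packet number, used as the nonce; must never repeat under one key

    def receive_message3(self, ptk: bytes) -> str:
        if self.ptk is not None and self.patched:
            # The fix: once a key is installed, a retransmitted message 3 must not install it again.
            return "retransmission ignored"
        # First installation, or the vulnerable behaviour: (re)install the key and reset the nonce.
        self.ptk = ptk
        self.packet_number = 0
        return "key installed"

    def send(self, plaintext: bytes) -> tuple[int, bytes]:
        """Encrypt one frame; returns the packet number it was sent with and the ciphertext."""
        pn = self.packet_number
        self.packet_number += 1
        return pn, xor(plaintext, keystream(self.ptk, pn, len(plaintext)))


def run_scenario(patched: bool) -> dict:
    """Replay the KRACK sequence against a patched or unpatched client and report what the attacker learns."""
    ptk = hashlib.sha256(b"constructed session key for the demo").digest()  # a real PTK comes from the handshake
    client = Client(patched)
    client.receive_message3(ptk)              # normal handshake completes: key installed, PN = 0
    pn1, c1 = client.send(FRAME_1)            # client starts sending data
    second = client.receive_message3(ptk)     # attacker blocks message 4, so the access point retransmits message 3
    pn2, c2 = client.send(FRAME_2)            # a vulnerable client has reset PN to 0, so the keystream repeats
    recovered = None
    if pn1 == pn2:
        # Same key and same nonce: c1 XOR c2 = p1 XOR p2, so one known frame reveals the other.
        recovered = xor(xor(c1, c2), FRAME_1)
    return {"second_message3": second, "packet_numbers": (pn1, pn2), "recovered": recovered}


if __name__ == "__main__":
    for patched in (False, True):
        r = run_scenario(patched)
        print("patched" if patched else "vulnerable", r["packet_numbers"], r["second_message3"], r["recovered"])
```

Run it and the vulnerable client hands over the second frame in the clear, while the patched client keeps counting upwards and the XOR trick yields nothing. This is also why the fix is a software change: the client only has to remember that a key is already installed.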
What to Do About the WPA2 Vulnerability
This affects every device you own that uses Wi-Fi. If you use a device on public Wi-Fi, where strangers are within radio range, you are at higher risk. The vendors that make your products are working on patches, which they will release in the coming days. As they release the patches, you will need to update your devices and hardware.
The good news is that this vulnerability does not require you to replace any hardware. It is fixable through a software update, and the fixes are backwards compatible: a patched phone still works with an unpatched router and vice versa, so you can update each device as soon as its patch is available.
The devices and hardware you will need to update, once patches are released, include the following:
- Mobile phones
- Desktop computers
- Tablets and iPads
- Home and office routers
- Home devices like NEST, Amazon Echo and Google Home
- Printers, both home and office, that use Wi-Fi
- Any other device that uses Wi-Fi
You should prioritise devices that use public Wi-Fi higher than your other devices. This puts mobile phones and tablets at the top of the list. That order also matches where the flaw bites: the attack targets the device connecting to the network, so laptops, phones and tablets matter most; routers mainly need the update if they use fast roaming (802.11r) or act as a client themselves, as in repeater mode.
How to Stay on Top of Updates
Your desktop, mobile and tablet devices will prompt you when an important security update is available, and many update automatically. Most devices also provide an option to manually check for updates, which we recommend you do (or get advice on how to do) over the next few days and weeks.
For routers, printers and other “Internet of things” devices, you may have to sign into the device to manually update the device “firmware.” For routers, you can contact us or your Internet service provider for help if you are unsure how to update. You may need to consult the manual for devices if you are unsure.
The most important thing is not to stick your head in the sand and do nothing, because attackers will very quickly develop tools to take advantage of these vulnerabilities, and they will keep using them not just for the next few weeks but for years, against every device that never gets patched.
Another vulnerability, known as “ROCA” (Return of Coppersmith's Attack), was also announced today. This is a little more technical.
It is an attack on public key cryptography. RSA keys generated by a widely used Infineon chip library, found in TPM security chips, smart cards and security tokens, are built in a way that lets an attacker compute the private key from the public key alone. Those keys are used for encrypting data, logging in and signing software, so this may weaken the way we authenticate software when installing it, as well as many other systems that rely on public/private key encryption and signing. Fixing this requires vendor-released firmware and software updates, but the update alone is not enough: any key that was already generated by the flawed library is still weak and has to be replaced. So keep an eye out for security updates for your devices and workstations that fix ROCA-related issues, and for vendor instructions on regenerating keys.
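For the technically minded, here is an added example (our own code, not the original post's and not the researchers' detection tool) of how an affected RSA key can be recognised from its public half alone. The flawed library builds its primes as p = k*M + (65537^a mod M), where M is the product of the first few primes (2 through 167 for 512-bit keys), so for every small prime r dividing M the public modulus N = p*q, reduced mod r, is always a power of 65537. An honestly generated key has no such pattern, so checking that property for each of those primes is a cheap fingerprint. The code also mimics the flawed generator at a toy 512-bit size so the fingerprint can be tried against a “bad” and a “good” key; the key sizes, seeds and the Miller-Rabin primality check are our choices for the demonstration, and the textbook modulus 3233 is included as a known-honest value.

```python
import math
import random

E = 65537  # the public exponent the flawed library uses, and the base the fingerprint is built on
# The 38 odd primes up to 167: together with 2 they form the M that the flawed library uses for 512-bit keys.
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73,
                79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167]
M = math.prod([2] + SMALL_PRIMES)  # the "primorial" the flawed generator builds primes from (about 219 bits)


def generated_subgroup(r: int) -> frozenset:
    """All residues 65537^k mod r, i.e. the subgroup of Z_r^* generated by 65537."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = (x * E) % r
    return frozenset(seen)


ALLOWED_RESIDUES = {r: generated_subgroup(r) for r in SMALL_PRIMES}


def roca_fingerprint(n: int) -> bool:
    """True if n mod r is a power of 65537 for every fingerprint prime r.

    Honestly generated moduli fail this for at least one r with overwhelming probability,
    so True means: treat the key as produced by the flawed library and replace it.
    """
    return all(n % r in ALLOWED_RESIDUES[r] for r in SMALL_PRIMES)


def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Trial division by the small primes, then Miller-Rabin; adequate for a demonstration key."""
    if n < 2:
        return False
    for r in [2] + SMALL_PRIMES:
        if n % r == 0:
            return n == r
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def flawed_prime(bits: int, rng: random.Random) -> int:
    """Mimic the flawed generator: p = k*M + (65537^a mod M).

    Such a p is coprime to M by construction, and p mod r is a power of 65537 for every r
    dividing M, which is what makes the resulting key both fingerprintable and factorable.
    """
    lo, hi = (1 << (bits - 1)) // M + 1, (1 << bits) // M
    while True:
        k, a = rng.randrange(lo, hi), rng.randrange(1, 1 << 32)
        p = k * M + pow(E, a, M)
        if is_probable_prime(p, rng):
            return p


def honest_prime(bits: int, rng: random.Random) -> int:
    """An ordinary random prime of the requested size."""
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(p, rng):
            return p


def make_modulus(bits: int, flawed: bool, seed: int = 0) -> int:
    """Build a toy RSA modulus from two primes, flawed-style or honest. Seeded so runs repeat."""
    rng = random.Random(seed)
    gen = flawed_prime if flawed else honest_prime
    return gen(bits // 2, rng) * gen(bits // 2, rng)


if __name__ == "__main__":
    for flawed in (True, False):
        n = make_modulus(512, flawed, seed=1)
        print("flawed" if flawed else "honest", n.bit_length(), "bits -> fingerprint:", roca_fingerprint(n))
```

To check one of your own keys, extract the modulus with `openssl rsa -pubin -in pubkey.pem -noout -modulus` and pass `int(hex_modulus, 16)` to `roca_fingerprint`. A True result means the key should be treated as compromised and regenerated on a patched device; re-issuing a certificate for the same key does not help.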
The combination of KRACK and ROCA is why we are referring to today as “Black Monday.” These are both severe vulnerabilities, and they emerged on the same day.