Skip to Main Content

Krack Security Vulnerability

October 18, 2017

Yesterday, a whitepaper vulnerability was published by Mathy Vanhoef of Belgian University KU Leuven.

The KRACK (Key Reinstallation AttaCK) vulnerability is an advanced Man in the Middle attack, allowing cybercriminals to redirect information transmitted through a wireless network, capturing usernames and passwords or other sensitive data. This vulnerability also allows an attacker to manipulate data, which may allow for the injection of ransomware or malware as data is being transmitted to or from a device.

Some device manufacturers have already issued patches to protect devices. However, any patched device that is connected to an unpatched access point is still vulnerable. Implementations can be patched in a backwards-compatible manner, meaning that a patched client can communicate with an unpatched access point, and vice versa.

Regardless, a layered attack can still exploit the vulnerability, whether or not a device is patched. Due to the scope of the insecurity, this issue may see decades of repercussions, with unpatched devices still being susceptible to cybercrime, and millions of routers and IoT devices that may never see a fix.

Luckily, the attack can only be carried out if a cybercriminal is within range of the wireless connection and the attack itself requires a wealth of technical knowledge. Therefore, the vulnerability has a low risk to affect our clients. However, we are taking a proactive approach to help mitigate the risk as the risk remains all the same.

We are working to patch devices as manufacturers publish fixes. At present time, devices with published patches have already been updated by us. We will continue to monitor for additional patches in addition to our other security monitoring efforts across our client networks.

In addition to our efforts, you can help ensure your own safety by checking for updates for your personal devices, such as your home router, computer and IoT devices. Turn automatic updates on for all your devices to safeguard them in a timely manner, or as soon as an update becomes available. A wired connection, if available for your device, can also help to protect your safety.

If you have any further questions about this vulnerability or your security, please feel free to contact us. We are working diligently to solve this issue and protect our clients from this security risk.

Back


  • This field is for validation purposes and should be left unchanged.

FREE CONSULTATION

See how our MANAGED SERVICES will empower your business growth