Thursday, October 19, 2017

KRACK AKA WPA-2 Vulnerabilities

Some of you may have heard about the KRACK (Key Reinstallation AttACK) vulnerability by now. It's widespread, and it affects any platform or device that connects over wifi. It's a serious vulnerability because the flaw lies in the connection (Wireless Protected Access - WPA and WPA2) rather than the platform (Android, Windows, iOS, Linux). Platforms can be hardened against attacks, but updating the router is the main way to protect the data sent over wifi.

It is important to note that devices are only vulnerable to attackers if they are within the range of your network.

It only affects routers that are connected in bridge mode. Most routers are not in bridge mode as it is not a default setting.

One of the ways that you can protect your data when browsing the web is by installing the HTTPS Everywhere extension in your browser. You can find links to the extensions for Firefox (Firefox for Android is also included), Chrome and Opera browsers at the Electronic Frontier Foundation. There is currently no extension for Edge or Internet Explorer.
https://www.eff.org/https-everywhere

The response from tech companies has varied widely.

Microsoft, Apple and Ubuntu have all patched vulnerable systems and rolled out the fixes.

Google's response:
"We're aware of the issue, and we will be patching any affected devices in the coming weeks."

A slew of other devices have not yet addressed the problem. I looked for a statement from Samsung and Verizon (my mobile device) this morning and could find none. I found a couple of customer inquiry messages on the Samsung community forum on a search engine, but when I went to the site, the messages had been deleted. I couldn't find anything on social media for either company.

Netgear's website is awesome. The directions for updating our router were crystal clear and up to date. It was easy.

You can find a brief description of the problem and a list of affected devices here:
http://www.kb.cert.org/vuls/id/228519

Note that the statements from various manufacturers do not seem to be current. Your best bet is to go to the company's website and look for a statement regarding KRACK.

The most important fix will be updating your router's firmware. Again, it's best to visit the manufacturer's website for that.

If that is unsuccessful, try a search.

Of course, if you want help with any of this, give us a call and we'll be happy to help!

570-882-8851