WiFi - WPA Vulnerability found
On October 16, 2017, a statement from the International Consortium for Advancement of Cybersecurity on the Internet (ICASI) was released alerting the industry to a series of WPA vulnerability flaws for WPA and WPA2. This means your wireless network and devices are not secure and action is required to patch this flaw.
These vulnerabilities are at the protocol-level and affect a large number of wireless infrastructure devices and wireless clients, across many vendors. This security flaw means that, for vulnerable clients and access points, WPA and WPA2-encrypted Wi-Fi traffic is no longer secure until certain steps are taken to remediate the issue. The Wi-Fi data stream, including passwords and personal data, can be intercepted, decrypted, and modified without a user’s knowledge.
The flaw, known as KRACK, affects WPA2, a security protocol widely used in most modern Wi-Fi devices.
In some cases, a hacker could exploit KRACK to inject malware such as ransomware into websites, according to KU Leuven's Mathy Vanhoef, the researcher who discovered the WPA vulnerability. Vanhoef's findings were reported by tech site Ars Technica early Monday morning.
What is KRACK
Who's affected
Any device using WiFi is effected such as smartphones, laptops and tablets but especially Android and Linux operating systems.
Creative Folks are currently assessing all our managed services customers networks and devices and working with our main vendors such as Watchguard, Datto, Microsoft, Apple and others to identify and prepare a plan to apply patches to remedy.
For those of you with WiFi networks at home, please contact the vendor of your devices and ensure you update then as soon as possible. If you are unsure what to do or want to learn more, please free to reach out to our team at Creative Folks and we will be more than happy to assist you.