You may have seen or read in the press this week that there is a new cyber security risk relating to wireless network security.
What is this new threat?
The new exploit known as ‘KRACK’ has taken advantage of newly discovered vulnerabilities in wireless network security, this is what you need to know;
- The exploit allows an attacker to eavesdrop on traffic between computers and the wireless access point.
- The vulnerability exists within the ‘WPA2’ security protocol, which is generally the default option and currently the most secure available for wireless networks.
- The weaknesses are in the actual wireless protocol and not any individual wireless product or implementation. Because of this, any implementation of WPA2 in a Wireless Access Point could be affected.
- Any device using a WPA2 protected network is at risk, so whether a device is running Windows, Linux, iOS or Android they are all at risk of having the traffic intercepted.
- A business would have to be specifically targeted within their wireless signal zone. This mean that an attack is not necessarily imminent, however precautions should be taken.
How can you protect your wireless network?
To address this flaw, manufacturers of wireless devices will need to provide a security update to patch each device, for example; wireless routers and access points. There are many manufactures of wireless devices, some will inevitably be quicker than others and some will never arrive at all, especially with older devices.
If you’re running on cloud managed devices, updates should be applied by your IT support provider, or whomever manages them within your organisation.
For all other devices, be sure to contact your IT support provider to ensure these are patched as soon as the manufacturer releases an update.
What if an update isn’t provided?
In cases where wireless access points are not updated by the manufacturer, or the update will not arrive in an acceptable time frame, the safest course of action would be to replace your device(s) with a secure alternative.
If you would like to discuss your security moving forward, don’t hesitate to contact us to speak to one of our experts.