IT researchers have announced the discovery of a security hole in WPA2, the most common Wi-Fi communications encryption standard. The exploit uncovered, “KRACK”, could allow malicious persons to steal even encrypted wireless data. It can be mitigated by running software updates on your platforms. KRACK can be leveraged to steal sensitive information such as credit card numbers, passwords, chat messages, emails and photos. An attacker also may be able to inject ransomware or other malware into websites.

The good news is that the major tech hardware and software vendors quickly started announcing fixes as well. Microsoft released a patch on October 10th (quietly). iPhone and iPad are safe provided you have iOS 11. The devastating news right now is that Android has major design flaws. Most Android devices are not updated by the carrier and are almost completely ignored. At the time of writing this article, I see no reference on the major carriers' websites announcing a security patch to any mobile devices.

As with most security issues, there is more to come. In some cases, once announced, it may get worse. My suggestion, for the time being, is that in public areas you do not use public Wi-Fi; stick to your 4G connection. Please also understand that even if you somehow find yourself on public Wi-Fi, the overall impact will be limited. These attacks are targeted and local to a general area (~500 feet). I should also note that even if by some chance you are KRACK’d, most web traffic these days is encrypted via SSL, which is not impacted by this WPA2 flaw. For example, upon login to your online banking account in a KRACK’d environment, really, the only data visible to the hacker is that you went to bank.com. No data can be decrypted beyond that. Most websites use SSL, including the site you are on right now.

To secure your PC, please run Windows updates ASAP. For Mac laptops and desktops there is no patch to date, but one should be expected in the next few days or weeks. For Android devices, this may be the wake-up call Google needs to finally have some level of continuity between their platforms. Android, unlike Apple, does a very poor job maintaining its platform. Only time will tell, but my money is on little to nothing being done this time around as well. It will be left in the hands of the carrier to push updates to its supported mobile platforms.

 

Justin K Plaza | JKP Technologies | 914-410-6567
