A serious vulnerability has been identified that affects ALL devices that support Wi-Fi, allowing attackers to decrypt “WPA2 connections”. In short, if you’re using Wi-Fi-enabled devices, you’ll need to update their software, or else you may get hacked.
When you say ALL devices, what do you mean?
Literally, anything that allows Wi-Fi connectivity. This includes desktops, laptops, mobile phones, e-readers, routers, Wi-Fi printers… even your NEST, Amazon Echo devices, etc.
What is WPA2 and why does this affect me?
It is a protocol used to secure all modern protected Wi-Fi networks. It has always been thought of as a secure encryption protocol for Wi-Fi, but this new discovery means it is possible for an attacker to access sensitive information we share over a Wi-Fi network using WPA2 (which will affect pretty much everyone reading this post, as it is what the vast majority of people and organisations have in place worldwide).
Naturally, this means that you could be putting your personal information, and that of your organisation, at risk – such as passwords, payment details, emails, photographs, etc.
Put simply, if your device uses Wi-Fi, then it is highly likely this vulnerability affects you. This isn’t limited to Android devices, but affects Windows, Apple and every hardware provider under the sun.
How do I protect myself and the organisation?
Firstly, remember this affects any device that uses Wi-Fi, whether you own it or it is within your organisation. If you’re a frequent user of public Wi-Fi, or your employees are, then it is fair to say you’re at higher risk.
All major providers are working to ensure patches are released in the coming days. This means that the vulnerabilities which have been identified can be “patched” with a software update, so the best step to protect yourself and your organisation is to identify any patches that are released and ensure your devices are updated.
We’d recommend that you prioritise any devices that are used to access public Wi-Fi, such as mobile phones and laptops for those working away from the office, as these clearly pose the greatest risk.
But, I’m secure if I’m using HTTPS, right?
Wrong. Whilst it is generally fair to say that if you’re using HTTPS you will be secure, this vulnerability actually lets an attacker downgrade your connection from HTTPS to non-HTTPS connections, thus making you vulnerable – so you’re still at risk.
Your computer devices, including your mobile and tablet devices, may alert you when there is an important security update and, indeed, many may update automatically. Be aware, though, that you may also need to update manually, as many people don’t readily allow automatic updates. Now is a good time to check.
For all other devices, you may need to access the device to receive the latest software update. We’d recommend you search for the device’s manual on the internet to find out how to update it, as each device will differ (search for the device name and “firmware update” and this will likely find what you need). The Wi-Fi vulnerability is being referred to as “KRACK” (Key Resolution Attacks), so be sure to check the firmware update covers this vulnerability so that you can be confident you have patched appropriately.
Given the widespread impact of this vulnerability, we’d encourage you to spread the word to ensure we can help people update their devices as soon as possible.