Story image

Krack vulnerability puts Wi-Fi networks and devices at risk

17 Oct 2017

A global security vulnerability has emerged overnight that has the potential to put all Wi-Fi networks and the devices that access those networks, at risk of being compromised.

The Krack vulnerability, which was identified by a security researcher overseas, potentially allows a hacker to eavesdrop on Wi-Fi traffic.

The hacker would need to be within Wi-Fi range and would not be able to access encrypted traffic (e.g. most banking websites and some other applications).

This includes manufacturers of Wi-Fi access points (e.g. modems) as well as all end devices that connect to Wi-Fi networks (e.g. phones, tablets, PCs and laptops, other Wi-Fi enabled devices).

Internet service provider Spark advised customers to take care, as always, when using any public Wi-Fi network.

Ian Yip, cyber security software provider McAfee’s APAC chief technology officer says the issue is still developing.

“Based on what we know so far, this exploit requires an attacker to be in the proximity of the wireless device or network in question, which reduces the risk somewhat.

“For example, an attacker cannot use this exploit to compromise a wireless network or device from an indeterminate location halfway across the world. However, this is significant in that there is no readily available alternative, uncompromised protocol to use on a local wireless network until patches are deployed.

“We should note that while the exploit compromises wireless networks, point-to-point encryption between devices and websites or applications should still be secure. In the meantime, use physically connected wired access points where available,” Yip says.

“In the event that you have to use a wireless network, behave as you would when using a public internet connection. Risks can be further mitigated by ensuring you access all websites over HTTPS where available, and use VPNs at all times.”

Sparks says the Krack vulnerability only applies to private Wi-Fi networks that involve multiple access points (modems) as well as a Wi-Fi protocol that enables end users’ devices to seamlessly switch from one access point to another.

As the Krack vulnerability affects both WiFi access points and end devices and is relevant to every end device globally that can connect to Wi-Fi networks (e.g. smartphones, tablets, PCs and laptops, other Wi-Fi enabled devices).  

Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.