Blog

The Key Reinstallation Attack (KRACK), Wi-Fi security flaw symbol on green binary code background.

How The Three Titans Are Addressing Wi-Fi Vulnerability

The three Titans, Google, Microsoft and Apple address security issues with KRACK.  

KRACK Wifi Security

Just when everyone thought Wi-Fi was safe, that illusion was recently shattered.  Security researcher Mathy Vanhoef has discovered a vulnerability that he’s calling “KRACK.”  The flaw is in the WPA2 protocol, and everyone’s Wi-Fi network is at risk of being hacked.  The vulnerabilities include HTTP content injection, packet replay, decryption, TCP connection hijacking and more.  Hackers could gain access to credit card numbers, photos, passwords, and emails. The WPA2 woes will have an impact on both home users and business users.

Apple, Google, and Microsoft

Microsoft was the first Titan to respond to the news. “We have released a security update to address this issue, says a Microsoft spokesperson in a statement to The Verge.  Customers who apply the update, or have automatic updates enabled, will be protected.  We continue to encourage customers to turn on automatic updates to help ensure they are protected.  Microsoft says the Windows updates released on October 10th protect customers, and the company withheld disclosure until other vendors could develop and release updates.”  Apple is also on top of its game.  Patches and fixes for tvOS, watchOS, macOS, and iOS are in beta and will be released in a software update shortly.  Google is scrambling to fix the issue and will do patches on any affected devices over the next few weeks.

The new security flaw has been described, innovative and unprecedented, and it’s really up to the Titans to properly address the problem.  Apple, Google, and Microsoft are fully aware that once they fix this vulnerability, another one will be on the horizon.  Cybercriminals will always find and exploit vulnerabilities.  It’s always an endless cycle.

Other smaller tech companies have also responded to the KRACK security bug.  “Cisco also said it had published a security advisory to detail which products are affected, and a blog to help customers better understand the issue.  Fixes are already available for select Cisco products, and we will continue publishing additional software fixes for affected products as they become available,” a spokesperson said.  “Intel confirmed it was working with its customers and equipment manufacturers to implement and validate firmware and software updates that address the vulnerability.  It also released an advisory.”

What Consumers Should Do About the KRACK Security Bug

All Wi-Fi users should take steps to protect themselves and their devices. They must manage their router patches and settings.  In addition, consumers should avoid using public Wi-Fi networks.  Any security updates provided by Apple, Google, and Microsoft should be installed on both routers and devices. Norton offers a Wi-Fi vulnerability alert and privacy.  It will encrypt traffic and protect against identity thieves.  Your information will be invisible to hackers.

Public Wi-Fi is a top target for cybercriminals.  It’s important to note that these Wi-Fi access points aren’t well secured.  Airports, coffee shops, shopping centers, and hotels are prime hunting ground for hackers trying to steal personal information.  KRACK is just another tool in the cybercriminals arsenal.

For consumers whose smartphones, PCs and routers don’t yet have updated solutions, there are still some steps that can be taken to protect online privacy.  VPN software can offer protection since it encrypts all traffic.  Although changing a Wi-Fi password won’t specifically prevent a KRACK attack, it’s still advisable.

How do attackers implement KRACK?  There are several conditions that must be met.  First, the cybercriminal must be within physical proximity of the user. Second, the user’s device must be wirelessly enabled.  Third, the cybercriminal executes a man-in-the-middle to intercept traffic between the user’s device and the wireless access point.

Decades to Uncrack KRACK

It will take decades to uncrack KRACK.  The challenges go way beyond a mere patch and are not limited to just tech devices.  For example, the company Netgear took immediate action after the KRACK attack.  Fixes were available for dozens of router models.  But, the company makes over 1,000 router models.  Each needs to be tested, and the company will need partners to do a full fix.  How long will that take?  These challenges aren’t unique to Netgear either.  It just underscores how ill-prepared the industry is in this type of calamity.  This just covers routers, too.  What about Wi-Fi IoT devices?  The KRACK vulnerability could affect security cameras, garage doors, and even appliances.

Keep in mind that “There is no evidence that the KRACK vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections, read a statement published by a Wi-Fi industry trade group.  This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users.  Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.”  That should keep consumers and businesses from panicking.

All around, the key to fighting a cyberattack is in the hands of the top three Titans and other major players in the technology industry.  New defensive strategies must be employed, and the public needs to be educated and updated on current threats when using technology for home or business.  However, with Google, Apple, and Microsoft at the helm, we should all be in good hands.

Share
Steve West

Steve West

Ntegra IT is devoted to providing reliable Computer Support to businesses that want to improve productivity and profitability. We deliver custom designed Network Services that better map to your business, so you can stop worrying about your technology and get back to achieving your business goals.