The recent revelation of a serious Wi-Fi vulnerability affects countless businesses and individuals. The potential for danger is so widespread that numerous people in web security have referred to Monday, 10-16-17, as Black Monday. All devices that support Wi-Fi may have been affected by this vulnerability, which enables attackers to decrypt WPA2 connections.
The Wi-Fi vulnerability is now being called KRACK, a shorthand term for the phrase “key reinstallation attacks.” Whether you are a business owner or someone who has provided any sensitive information online, this issue should be of concern to you. The team at Marketing Metrics Corp. hopes that everyone who might be affected will take this threat seriously, as well as take necessary action to protect their devices accordingly.
Researchers at a university in Belgium have detected a way that attackers can gain access to sensitive information. This information would be sent via a Wi-Fi network using WPA2, which is a protocol designed to secure modern Wi-Fi networks. In fact, according to Wigle.net, this protocol currently secures 60 percent of the Wi-Fi networks across the world. Essentially, any modern device that supports Wi-Fi is at risk of being affected.
Attackers could take advantage of this vulnerability to steal a wealth of sensitive information, including passwords, emails, chat messages, and credit card numbers. Additionally, attackers could inject malicious information, such as malware and ransomware, into Wi-Fi networks. Because the security risk is not with individual products, but with the general Wi-Fi standard instead, all products that properly utilize the WPA2 standard may be affected.
As more information about this threat is revealed, a growing list of products and vendors will be affected. Bleeping Computer is compiling and updating a list for your reference.
The following are just a few examples of the numerous vendors and products presently known to be affected:
This vulnerability could affect any or all the devices you own or use that rely on Wi-Fi. Using public Wi-Fi poses an even greater risk. Fortunately, the vendors that manufacture such devices are currently working on security patches which will be released as soon as possible. As these patches are released, everyone will need to update their hardware and devices. However, since the threat can be fixed via software updates, you should not need to replace hardware. When you update your devices, be sure to prioritize devices that rely on public Wi-Fi, such as mobile phones, tablets, and laptops.
These are some of the devices and hardware that users will need to update after the new security patches have been released:
To continue protecting your devices, you will need to update them as more security patches are released. Devices such as tablets, mobile phones, laptops, and desktop computers should prompt you when important security updates become available. Depending on your settings, these updates might be implemented automatically or manually. We recommend that you check for these periodically, so you may catch updates when they are released.
Other devices typically require manual updates, including printers, routers, and devices that support the “Internet of Things” (IoT) technology. You might need to sign into these devices, so you can manually update their firmware. If you do not know how to update your router, contact your internet service provider for assistance. You might also want to refer to device manuals or search online to confirm whether certain devices are affected by the threat.
Another recent security threat that we want to alert you to is called ROCA. This vulnerability involves an attack on public key encryption, which could weaken the process of authenticating software when it is being installed. The threat affects numerous other systems that depend on public/private key encryption and signing. To fix this, you should update devices with software updates released by the respective vendors. Look for security updates created to fix ROCA issues for your workstations and devices.
The term Black Monday was used this week because two major vulnerabilities (KRACK and ROCA) have the potential to be quite severe. It is vital to make these vulnerabilities known to your colleagues, families, and friends, so as many people as possible can update their devices before they are attacked. Please join Marketing Metrics Corp. in spreading the word about these two serious security threats.
We've seen a substantial increase in new business sales since Marketing Metrics Corp. took over our internet marketing efforts. As a result, they are now also working with our sister company. Dan Erschen, Wisconsin Metal Parts, Inc.
Marketing Metrics Corp. developed an on-going digital marketing strategy for us that helped us to bring in new business, increase our market visibility and grow our top-line revenue.
Dave Zimmerman, Pivot Point, Inc.
We were able to meet face-to-face on a monthly basis during our website redesign project. It went so smoothly that I now outsource all of our marketing efforts to Marketing Metrics Corp.
Mark Morton, Rheocast Company
I've worked with Marketing Metrics Corp. since 2006 to improve our internet presence and ultimately our sales revenue. They are the industrial marketing experts in Wisconsin.
Jim Banovich, Marsh Electronics, Inc.