Wi-Fi Vulnerability Alert: What You Need to Know
Tips from Your Marketing & Security Allies
The recent revelation of a serious Wi-Fi vulnerability affects countless businesses and individuals. The potential for danger is so widespread that numerous people in web security have referred to Monday, 10-16-17, as Black Monday. All devices that support Wi-Fi may have been affected by this vulnerability, which enables attackers to decrypt WPA2 connections.
The Wi-Fi vulnerability is now being called KRACK, a shorthand term for the phrase “key reinstallation attacks.” Whether you are a business owner or someone who has provided any sensitive information online, this issue should be of concern to you. The team at Marketing Metrics Corp. hopes that everyone who might be affected will take this threat seriously, as well as take necessary action to protect their devices accordingly.
Understanding the WPA2 Wi-Fi Vulnerability
Researchers at a university in Belgium have detected a way that attackers can gain access to sensitive information. This information would be sent via a Wi-Fi network using WPA2, which is a protocol designed to secure modern Wi-Fi networks. In fact, according to Wigle.net, this protocol currently secures 60 percent of the Wi-Fi networks across the world. Essentially, any modern device that supports Wi-Fi is at risk of being affected.
Attackers could take advantage of this vulnerability to steal a wealth of sensitive information, including passwords, emails, chat messages, and credit card numbers. Additionally, attackers could inject malicious information, such as malware and ransomware, into Wi-Fi networks. Because the security risk is not with individual products, but with the general Wi-Fi standard instead, all products that properly utilize the WPA2 standard may be affected.
Which Products Are Affected
As more information about this threat is revealed, a growing list of products and vendors will be affected. Bleeping Computer is compiling and updating a list for your reference.
The following are just a few examples of the numerous vendors and products presently known to be affected:
- Microsoft Windows
How to Protect Your Devices from a Wi-Fi Hack
This vulnerability could affect any or all the devices you own or use that rely on Wi-Fi. Using public Wi-Fi poses an even greater risk. Fortunately, the vendors that manufacture such devices are currently working on security patches which will be released as soon as possible. As these patches are released, everyone will need to update their hardware and devices. However, since the threat can be fixed via software updates, you should not need to replace hardware. When you update your devices, be sure to prioritize devices that rely on public Wi-Fi, such as mobile phones, tablets, and laptops.
These are some of the devices and hardware that users will need to update after the new security patches have been released:
- Mobile phones
- Laptops and notebooks
- E-readers and tablets that access Wi-Fi
- Home and office printers that rely on Wi-Fi
- Routers used at home and in the workplace
- Desktop workstations
- Devices such as Amazon Echo, Google Home, and NEST
- Any other devices, electronics, and smart automation systems that access Wi-Fi networks
Automatic and Manual Updates for Your Devices
To continue protecting your devices, you will need to update them as more security patches are released. Devices such as tablets, mobile phones, laptops, and desktop computers should prompt you when important security updates become available. Depending on your settings, these updates might be implemented automatically or manually. We recommend that you check for these periodically, so you may catch updates when they are released.
Other devices typically require manual updates, including printers, routers, and devices that support the “Internet of Things” (IoT) technology. You might need to sign into these devices, so you can manually update their firmware. If you do not know how to update your router, contact your internet service provider for assistance. You might also want to refer to device manuals or search online to confirm whether certain devices are affected by the threat.
The ROCA Vulnerability
Another recent security threat that we want to alert you to is called ROCA. This vulnerability involves an attack on public key encryption, which could weaken the process of authenticating software when it is being installed. The threat affects numerous other systems that depend on public/private key encryption and signing. To fix this, you should update devices with software updates released by the respective vendors. Look for security updates created to fix ROCA issues for your workstations and devices.
Getting Past Black Monday… Safely
The term Black Monday was used this week because two major vulnerabilities (KRACK and ROCA) have the potential to be quite severe. It is vital to make these vulnerabilities known to your colleagues, families, and friends, so as many people as possible can update their devices before they are attacked. Please join Marketing Metrics Corp. in spreading the word about these two serious security threats.