A massive and widespread vulnerability has been uncovered that can impact any device that uses Wi-Fi. This new cyber threat has been dubbed KRACK, and it allows hackers to decrypt and view the network and Internet traffic of a targeted user and gives them the ability to steal sensitive data like credit card numbers and passwords.
KRACK works by tricking wireless devices (laptops, phones, mobile devices, etc.) into using an already used and “known” encryption key so that the attacker can decrypt and view traffic that is sent over a “secure” wireless network. It does this by exploiting a recently discovered vulnerability in the WPA2 (Wi-Fi Protected Access) protocol. WPA2 is the protocol that is used by nearly every modern secure Wi-Fi network. Once the encryption has been “broken” not only can a hacker spy on your web traffic and help themselves to personal information, but they can also inject ransomware and other malware into websites.
Note: This impacts wireless devices using WiFi, not your workstation or laptop that is using a wired Ethernet connection.
While patches are already being applied, the key to protecting against KRACK attacks on a wireless network is to not rely on the encryption built into the wireless network. Instead, utilize only SSL encrypted websites (look for a green lock and the word “Secure” on the left-hand side of the address bar when you load a website, and for a website address beginning with https:// not http://). It is also wise to use a VPN whenever possible.
Protecting Your Business from the KRACK Hack
We are monitoring developments related to this hack to minimize risk to our clients. Microsoft has already released patches to defend against this vulnerability, and these updates have already been applied to our managed service clients. Our goal is to ensure that OutsourceMyIT’s clients are poised to defend against this latest wave of illegal hacking.
If you have any questions or want more information about the steps you can take to protect yourself and your business against KRACK, email us at firstname.lastname@example.org or call (973) 638-2722.