KRACK

WPA2 security flaw puts almost every Wi-Fi device at risk

A flaw has been identified with the WPA2 handshake that can be used to compromise Wi-Fi security.

On Monday researchers published their findings on a serious WPA2 vulnerability that allows an attacker in range of Wi-Fi devices to intercept passwords, internet traffic and even inject malicious code into websites. WPA2 is the most common protocol for securing Wi-Fi and all wireless networks are likely to be at risk. The attack works against all unpatched devices however those running Android or Linux are currently thought to be most susceptible to the attack.

What should you do?

  • Be careful when connecting to any Wi-Fi network. Avoid connecting to unknown networks where possible.
  • Update all your devices as soon as updates are made available. Device vendors will be releasing security patches to address this issue in the coming days/weeks.
  • Check for the HTTPS ‘lock’ in the address bar on any websites with sensitive content. If the lock doesn’t show or isn’t green your data could be intercepted.
  • Be careful of what mobile apps you use on untrusted Wi-Fi networks. Many apps (including banking apps) have been proven to be susceptible to a HTTPS bypass that will cause them to communicate unencrypted.

All customers on our planned network maintenance will be having their Routers and Wireless Access Points patched as part of their scheduled maintenance.

For futher technical reading see bellow:
https://www.krackattacks.com/

From WAP and Router Vendors:
Sophos: https://community.sophos.com/kb/en-us/127658
UniFi: https://community.sophos.com/kb/en-us/127658
DrayTek: https://www.draytek.com/en/news/news/2017/how-are-draytek-wireless-products-affected-by-the-wpa2-krack-vulnerability/