Last week, security experts revealed that WPA2, the most common security protocol used to protect Wi-Fi connections, was hacked. US-CERT, the Department of Homeland Security’s Computer Emergency Readiness Team, revealed that a team of Belgian researchers had deployed a proof-of-concept attack called c, short for Key Reinstallation Attacks, to exploit vulnerabilities that keep Wi-Fi connections safe.
The result of such an exploit? “Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” a report by security expert Mathy Vanhoef at Belgian university KU Leuven said. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on… It is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
Although the revelation shook the already on-guard cybersecurity world, government agencies in the US and Britain stressed the fact that information transmitted over secure websites — those with https in the URL address — would not be immediately affected by the breach, even if the Wi-Fi connection used to view such websites was compromised. In addition, encrypted connections such as virtual private networks (VPNs) and Secure Shell (SSH) would still be considered safe since information transmitted in this manner negotiates an additional layer of encryption.
Another silver lining from this announcement comes from the reminder that attacks on Wi-Fi connections require one thing that’s rare in the hacking world: physical proximity. In other words, a hacker would have to be near you and your computer to exploit a weakness in WPA2 security. So if you log in to a network at your local coffee shop or airport terminal, you won’t necessarily be vulnerable to every cyberthreat on the Internet.
Additionally, the KRACK attack is considered complex and complicated, meaning that its identification by security researchers before hackers get a hold of it could limit its impact “in the wild.” Technology companies were informed of the flaw in August, meaning that most have had several weeks to implement a fix. Microsoft has already released a security update to address the issues, while Google and Apple will be releasing patches in coming weeks.
Still, as many news outlets reported, this represents a major online security threat. But by following the security strategies collected by CMIT Solutions and outlined below, you can minimize the risk to your devices, your data, and ultimately your business.
If you have questions about the recently revealed Wi-Fi security breach, contact CMIT Solutions today. We offer elite-level system maintenance, backup and disaster recovery, data encryption, and cybersecurity services that are critical to your day-to-day business operation. With a trusted IT provider by your side, you can survive (and thrive) in today’s complicated technology world.