Last week, security experts revealed that WPA2, the most common security protocol used to protect Wi-Fi connections, was hacked. US-CERT, the Department of Homeland Security’s Computer Emergency Readiness Team, revealed that a team of Belgian researchers had deployed a proof-of-concept attack called c, short for Key Reinstallation Attacks, to exploit vulnerabilities that keep Wi-Fi connections safe.
The result of such an exploit? “Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” a report by security expert Mathy Vanhoef at Belgian university KU Leuven said. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on…It is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
Although the revelation shook the already on-guard cybersecurity world, government agencies in the U.S. and Britain stressed the fact that information transmitted over secure websites—those with https in the URL address—would not be immediately affected by the breach, even if the Wi-Fi connection used to view such websites was compromised. In addition, encrypted connections such as virtual private networks (VPNs) and Secure Shell (SSH) would still be considered safe since information transmitted in this manner negotiates an additional layer of encryption.
Another silver lining from this announcement comes from the reminder that attacks on Wi-Fi connections require one thing that’s rare in the hacking world: physical proximity. In other words, a hacker would have to be near you and your computer to exploit a weakness in WPA2 security. So if you log in to a network at your local coffee shop or airport terminal, you won’t necessarily be vulnerable to every cyberthreat on the Internet.
Additionally, the KRACK attack is considered complex and complicated, meaning that its identification by security researchers before hackers get a hold of it could limit its impact “in the wild.” Technology companies were informed of the flaw in August, meaning that most have had several weeks to implement a fix. Microsoft has already released a security update to address the issues, while Google and Apple will be releasing patches in the coming weeks.
Still, as many news outlets reported, this represents a major online security threat. But by following the security strategies collected by CMIT Solutions and outlined below, you can minimize the risk to your devices, your data, and ultimately your business:
We all have to use it at some point to get work done on the road. But since anyone else can access the same network you’re on (and hackers can exploit it with tools even more basic than those used to crack WPA2 security), public Wi-Fi represents the most vulnerable connection there is.
Stick with general browsing if you do use public Wi-Fi—that means avoiding financial transactions, password resets, file transfers, and other transmissions of personally identifiable information.
If you only need a few minutes of connectivity, consider using your phone as an Internet hotspot; otherwise, consider implementing a virtual private network, which keeps your web browsing secure and private by passing web traffic through a specific server.
As new exploits and vulnerabilities pop up, enhanced tools are required to combat them. From antivirus solutions to Internet traffic analysis, identification of new forms of malware and phishing attacks, and content filtering to protect computer users, comprehensive security requires a variety of strategies to provide an umbrella of protection.
The aforementioned WPA2 vulnerability can be neutralized by updates and patches—but if you’re a small business owner, keeping up with such updates and patches can be tough. That’s why CMIT Solutions offers proactive monitoring and management that deploys updates automatically to keep your systems and your employees safe.
If you have questions about the recently revealed Wi-Fi security breach, contact CMIT Solutions today. We offer elite-level system maintenance, backup and disaster recovery, data encryption, and cybersecurity services that are critical to your day-to-day business operation. With a trusted IT provider by your side, you can survive (and thrive) in today’s complicated technology world.