If you work in the IT world, or at least try to keep up with technology, you’ll know that today WPA2, the method of encryption many of us use on our Wi-Fi networks, has had a serious security flaw outed.
Known as KRACK, the exploit attacks a vulnerability in the handshake part of the WPA2 protocol (the bit when you join a Wi-Fi network, to you and me). It’s been revealed that pretty much every client device (something you use to join a Wi-Fi network, such as your phone, tablet or laptop) is vulnerable to this exploit. While we wait for our vendors to issue a patch to fix it, what exactly should you, the average Joe on the street, be doing to ensure you’re safe until that time?
One good thing is, it’s only clients that are affected. So your Wi-Fi routers and access points at home are OK, but if you haven’t checked to see if there’s an update to the firmware of your router, it might be a good time to check. If your router is owned by your Internet provider, then they are probably maintaining this side of things for you, but if you purchased the access point or router yourself, it’s worth keeping the firmware up to date at all times in order to patch any vulnerabilities.
So what about our phones, laptops, etc.?
Until our devices are patched, you should probably do the following just to be safe.
- Avoid public Wi-Fi at all costs.
- Only use secured services. If you need to enter a password into a site, ensure it’s using HTTPS.
- Where possible, use a wired network.
Does it all really matter?
This is not a case where you should feel immune because your data isn’t valuable enough. The majority of attacks using this exploit will be opportunistic: kids who live in your building, shady characters who drive the neighbourhood looking for Wi-Fi APs, and general mischief makers that are already scanning Wi-Fi networks around them.
Google have announced they will be issuing a fix for supported devices on November 6! "Supported devices" here is a keyword, and something that is a pet hate of mine when it comes to Android devices. Most Android devices have a support lifecycle of just 3 years from launch date, no matter how juicy a spec they are. So if your device is over 3 years old, it’s probably never going to receive this update. If you’re an Android fan when it comes to your handsets and the device is already over 3 years old, seriously start thinking about taking an upgrade.
The same can be said if you are an iPhone 5 or iPad 5th gen or below user.
Windows 7/10 should receive an update soon, and macOS users should also receive the update, as long as your OS is currently supported. People using Linux will be too clever to be reading my blog, and will be the first to point out that it was patched same day!
For a full list of vendors and their current status of issuing a patch for this problem, you can view a compiled list on GitHub here.
Update: some info for Apple Users