
There's a hole in your WiFi

Are you vulnerable to a Krack attack?


Johannesburg, 13 Nov 2017

It sounds like a bad joke and inevitably raises giggles the first time you say it out loud, but a Krack attack can have very serious implications for all wireless devices that use WPA2, a protocol that secures all modern protected WiFi networks. First identified as a threat in early October, Krack stands for key reinstallation attacks and allows hackers to access information being transmitted over a WiFi network.

Ryan Roseveare, MD of BUI, says: "An attacker within range of a victim can exploit weaknesses in WPA2 security encryption to read and steal sensitive information such as credit card numbers, passwords, chat messages, e-mails, photos, and so on. However, the attacks can go beyond just accessing encrypted information. Depending on the network configuration, it's also possible for hackers to inject and even manipulate data."

However, the threat goes far beyond what you'd initially think. When you consider the number of devices that are being connected to the Internet on a daily basis in order to enable Internet of things applications, you realise that the number of vulnerable devices - and their data - is infinite. Everything from wearables to security cameras to smart water meters could potentially be hacked. Imagine the chaos if traffic lights were interfered with, or even escalators, for example.

The ability to access somebody else's WiFi has virtually become commercialised, says Roseveare. "You can buy devices off the shelf that have the necessary software to scan for networks, create access points and capture device details. It's that simple. You buy the device, watch a couple of YouTube videos and quickly learn how to crack WiFi passwords and access networks."

Attacks on WiFi networks are nothing new; this is just the latest version, says Roseveare. "In the old days, it used to be about impressing your friends and getting access to free WiFi. Today's hackers have gone far beyond that and are doing it for malicious reasons. There's a business model around cyber crime as a service, and you could be the next 'customer'. Cyber criminals are making money out of fraudulent activities. But that's not where the business model ends. Businesses, in turn, are always having to invest in software, hardware and services to be in a better security posture. There are two sides to the business model coin. However, businesses tend to keep buying stuff after the fact; they rarely equip themselves adequately ahead of an attack. You need to constantly be asking yourself, is the WiFi that you're accessing secure or is it vulnerable to attack?"

Krack attackers typically set up free WiFi access in public spaces like airports. Once people have joined their network, the hackers can send the connected phones, laptops or tablets malware that will ultimately allow them access to their devices. Once an attacker is in your device, they have access to your world: your bank accounts, your work, your social networks... your life.

What can businesses and individuals do to protect themselves from Krack attacks? According to Roseveare, the answer is to simply not use WiFi. However, this isn't practical, so the next best line of defence is to update your device, as the majority of manufacturers - Microsoft included - have already started issuing patches that will ensure that your encrypted personal data stays that way. In the meantime, it's probably safest to avoid using public WiFi altogether or to get an expert to do a WiFi review for you. If you are a business relying on WiFi, you should also constantly review your WiFi security and connectivity, and constantly update your technology, in order to avoid being vulnerable.
