This week the KRACK (which stands for Key Reinstallation Attack) threat to the WPA2 security framework was announced. KRACK is especially relevant to the small businesses that we work with because usually, you don’t have a dedicated IT person to update your hardware on site.
Details of the danger
This danger makes traffic between wireless devices & your router susceptible to interception by a third party. This third party would just need to be within range of your wireless network without needing to log in. If the communication is encrypted, in the case of secure websites for instance, the third party would not be privy to the content of the communication. In the case of unencrypted communication however, the intercepting third party would see everything.
KRACK is mostly a local threat. Any individuals attempting to expoit the threat need to be in range of your router. I’ve always found that not publishing your network name eliminates the possibility of people discovering your network by chance.
Lock it down
Update all of your wireless devices beginning with your routers & modems.
- Run updates on all Windows, Apple, & Android devices.
- Here are links to a few popular router manufacters pages to help you get started on securing your own network.
We are putting on a free webinar on HIPAA security and we will cover updating router firmware for sure. If you want to attend it’s going to be from 1:00 – 2:00 PM CST. Register by clicking here