Does your computer have you as lost as Alice and as mad as the Hatter?
So, it was just announced that every WIFI connected device in the world is subject to a vulnerability known as the KRACK vulnerability.
This vulnerability makes it possible for a person to intercept unencrypted traffic between your WIFI router and a connected device, such as your phone or computer.
The vulnerability is found in the WPA2 encryption protocol, which is in charge of encrypting the signal between your WIFI router and a connected device. As a result every WIFI device in the world will need to be updated with a software patch to fix the vulnerability.
Yes, this is scary and problematic. But don’t panic. Here are the facts about what’s going on:
- An attacker can only intercept unencrypted traffic traveling between your router and a connected device.
- The attacker needs to be within range of your network in order to intercept traffic.
So what should you do?
First, make sure that, when using WIFI, you are doing so via HTTPS. This is signified by the green lock in your browser’s address bar and it means that all traffic between your browser and the website is encrypted, even while it’s traveling over the WIFI connection.
Second, don’t use public WIFI to send sensitive information. For example, don’t log into your bank account while you’re at Starbucks. Use your cellular data instead. While technically you should be protected by the HTTPS ( if your bank does not use HTTPS then you have a bigger problem right now ) I would recommend an extra measure of caution and suggest that, until this issue is resolved, don’t bank online over public WIFI.
Third, your WIFI router and devices will have to be updated. You’ll have to check whether or not your device auto-updates, and whether any updates are available. As far as your WIFI – if your WIFI came from the ISP, you might have to wait for them to push out an automatic update. You can find out by calling your ISP. If you can log in to the admin panel of your WIFI router you can most likely update it yourself. Here’s a list of current patches available for the vulnerability: https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/
Fourth, switch to Ethernet if possible. Since it’s a cabled connection, it’s not vulnerable.
And finally, if you own or run an office that provides guest WIFI, I would consider disabling that connection until a tech has patched your WIFI or advised that it is safe. While not likely, it is possible that somebody could use packet injection to instal malicious software on your network. Like I said, this is not likely. But since it is a possibility, I would be remiss in not mentioning it.
Most importantly DON’T PANIC! Mad Hatter Techs is here to take of your IT related concerns. Give us a call any time.