Many people have always said that plugging in is more secure than wireless connectivity. Wireless advocates have always claimed that wireless can be as secure as wired (some are even bold enough to say “if not more secure”).
Although plugging in may be the most “secure” way, the truth is that nothing is impermeable, including the highest grade of wireless security.
This week, we learned that WPA2 has been compromised in one of the most fundamental ways. In short, we should no longer assume that wireless is secure without proper measures in place.
The latest chatter online is calling the technique of getting into any wireless network “KRACK”, which stands for Key Reinstallation AttaCK. If KRACK exists, then all wireless networks can be snooped on, regardless of the encryption. (The way it works is simple: it basically tricks your wireless device into reinstalling an encryption key with all zeros.)
Security protocols for wireless encryption keep getting hacked, but up until now, there has always been “a better protocol” to address the issue. This time, there is no better protocol… which is why this is a big deal. This means there are no cost-effective ways to encrypt your wireless network unless you update your device to prevent the attack.
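What the update changes, as an added example (not from the original post or any vendor's code): a simplified model of the general case, in which a replayed handshake message 3 makes an unpatched client reinstall the key it is already using and restart its packet counter, so two frames end up encrypted with the same keystream. `Client`, `replay_message3`, the SHA-256 keystream and the sample frames are constructed for illustration; real WPA2 uses AES-CCMP.

```python
import hashlib

def keystream(key: bytes, pn: int, length: int) -> bytes:
    # Toy stand-in for the per-packet keystream: a function of (key, packet number) only.
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + pn.to_bytes(6, "big") + block.to_bytes(2, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical Wi-Fi client reduced to key installation and packet numbering."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.pn = 0        # packet number, used as the encryption nonce
        self.sent = []     # every (key, pn) pair used so far

    def on_message3(self, key: bytes) -> None:
        # Patched behaviour: a retransmitted message 3 carrying the key that is
        # already in use is acknowledged but not installed again.
        if self.patched and key == self.key:
            return
        self.key, self.pn = key, 0   # (re)install: the packet number restarts

    def send(self, plaintext: bytes) -> bytes:
        self.pn += 1
        self.sent.append((self.key, self.pn))
        return xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

def replay_message3(patched: bool):
    """Return (nonce_reused, c1 XOR c2) after one retransmitted message 3."""
    key = bytes(range(16))                 # constructed session key
    client = Client(patched)
    client.on_message3(key)
    c1 = client.send(FRAME_1)
    client.on_message3(key)                # the retransmission
    c2 = client.send(FRAME_2)
    return len(set(client.sent)) != len(client.sent), xor(c1, c2)

FRAME_1 = b"GET /account HTTP/1.1"         # constructed sample frames
FRAME_2 = b"POST /login HTTP/1.1 "

if __name__ == "__main__":
    for patched in (False, True):
        reused, leak = replay_message3(patched)
        print(f"patched={patched} nonce_reused={reused} leaks_plaintext_xor={leak == xor(FRAME_1, FRAME_2)}")
```

In the unpatched run the two ciphertexts XOR to the XOR of the two plaintexts, which is why the WiFi password plays no part in the fix: the flaw is in when the key is installed, not in the key itself.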
If you are running an old operating system (Windows 7 or older, for example), you are 100% on your own. You will need to spend the time and do the research to patch your system.
Newer technologies are all getting patches to help put a band-aid on the problem, so no matter what, don’t CHANGE your encryption protocols yet. Going down to WEP (etc.) is a BAD IDEA. And changing your WiFi password will not make any difference either. You need to make sure that all of your wireless infrastructure, switches and routers are upgraded, along with your cell phone, laptop, tablet or gaming station (yes, anything with a wireless card is affected and needs to be patched right away).
From what can be told at this point, ALL vendors are affected, and most have begun to issue patch updates. If you have auto-updates enabled in Windows Update, you should have seen a security update take care of your desktop/laptop/server automatically. If not, you may wish to look into this to make sure you’re covered.
For a full list of vendors affected, check out this website: https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
And for the official technical debrief on KRACK, check out https://www.krackattacks.com/
If you need assistance patching your wireless infrastructure, send an email to firstname.lastname@example.org with the subject “KRACK WiFi HELP” and we will help you make sure your environment is safe.