Block on Trump's Asylum Ban Upheld by Supreme Court
If you use a password protected Wi-Fi network, chances are you're using a WPA2 password. Most consumer Wi-Fi routers and connected devices have been using the WPA2 standard for years. And until this past week, WPA2 was pretty much considered safe, but now, experts are warning Wi-Fi users about a new hack that threatens to unravel the core of WPA2 security.
The KRACK hack exploits a process in the WPA2 protocols called the "four-way handshake." This is, in effect, an exchange of information between devices and router that allows someone to be granted access by verifying the device has the appropriate key. The hack takes a flaw in this process to gain access to a network, allowing a hacker to monitor, copy, manipulate, send and stop information on the network.
What Can You Do?
Since not using Wi-Fi probably isn't an option, you might be wondering what you can do to protect yourself. If your devices are not set to automatically download and install legitimate security updates, you should check to see if your computers and devices have recent security updates to be installed.
As experts have pointed out, the flaw is fixable but will require companies that make affected products to release patches to close the exploit. Several companies have done so already, or have released patches to at least reduce the risks. If you use WPA2 security on your firm, or home, network, it might not be a bad idea to refresh your offline backups ASAP in case you suffer a breach and need to shut down or replace your systems or recover your data.
Fortunately, there have been no reported cases of KRACK attacks in the wild. However, that doesn't mean the exploit won't be used. Researchers reported on it during the Black Hat security conference this past summer, and the same researchers are scheduled to formally present more about it next month. However, between then and later, malicious hackers will likely try to abuse the exploit. Unfortunately, short of installing a network activity monitor, and learning how to monitor your network, there may not be much you can do on your own while also running your practice.
If you are truly concerned that your firm will be hacked before patches are released, you can bring in a consultant that will be able to put together some form of two-factor authentication for network access.