On Monday 16th October, researchers announced that one of Wi-Fi’s fundamental protocols, known as WPA2, had been broken, leaving most users potentially exposed to hack attacks.
Tony Freeth from Medusa Business explains what it all means and how flexible workspace operators can handle Wi-Fi’s new vulnerability, known as the ‘Krack’:
While there is no evidence that potential attacks -- which include eavesdropping, hijacking and malware injections -- has occurred, there is a race to secure the world’s Wi-Fi before potential becomes actuality. In security terms, we call this a ‘vulnerability’, and it has a name - ‘Krack’.
Most shared workspace provides some form of Wi-Fi and thus operators should take steps to eliminate the threat. However, communications with end users are important to reassure the less informed, whilst also giving confidence that you are meeting your duty of care as service provider.
The WPA2 security icon is supposed to be trusted, but until you take action, it can’t be.
Understanding the issue
Firstly, nearly every commercial Access Point make is affected, and therefore if you are offering Wi-Fi you probably have the problem.
So, if your manufacturer offers an update or ‘patch’ for your access points, you must take steps to see this is applied to your hardware, and without unacceptable delay.
A few manufacturers say they don’t need a patch -- but time will see if they are right, or just overconfident.
The Krack threat is targeted at access devices (‘clients’), and thus end users have their part to play in getting their own devices fixed. Fortunately, operating system providers will eventually do this for your users -- so long as automatic updates are enabled.
Of course, there are still many users of obsolete and un-updateable versions of Windows or IOS -- but updates to your Access Points are supposed to help with this.
Things to do: