Warning as Wi-Fi Users Potentially Exposed to ‘Krack’ Hack Attacks

Warning as Wi-Fi Users Potentially Exposed to ‘Krack’ Hack Attacks

On Monday 16th October, researchers announced that one of Wi-Fi’s fundamental protocols, known as WPA2, had been broken, leaving most users potentially exposed to hack attacks.

Tony Freeth from Medusa Business explains what it all means and how flexible workspace operators can handle Wi-Fi’s new vulnerability, known as the ‘Krack’:

While there is no evidence that potential attacks -- which include eavesdropping, hijacking and malware injections -- has occurred, there is a race to secure the world’s Wi-Fi before potential becomes actuality. In security terms, we call this a ‘vulnerability’, and it has a name - ‘Krack’.

Most shared workspace provides some form of Wi-Fi and thus operators should take steps to eliminate the threat. However, communications with end users are important to reassure the less informed, whilst also giving confidence that you are meeting your duty of care as service provider.

The WPA2 security icon is supposed to be trusted, but until you take action, it can’t be.

Understanding the issue

Firstly, nearly every commercial Access Point make is affected, and therefore if you are offering Wi-Fi you probably have the problem.

So, if your manufacturer offers an update or ‘patch’ for your access points, you must take steps to see this is applied to your hardware, and without unacceptable delay.

A few manufacturers say they don’t need a patch -- but time will see if they are right, or just overconfident.

Cyber security

The Krack threat is targeted at access devices (‘clients’), and thus end users have their part to play in getting their own devices fixed. Fortunately, operating system providers will eventually do this for your users -- so long as automatic updates are enabled.

Of course, there are still many users of obsolete and un-updateable versions of Windows or IOS -- but updates to your Access Points are supposed to help with this.

Things to do:

  1. Contact your Wi-Fi supplier and ask them about their plans to update you, if needed. They should know whether their recommended manufacturer has an update available now (eg: Ubiquiti, Aruba) or whether the manufacturer isn’t yet sure, or needs a few weeks (Cisco, Apple). Some, like Engenius insist no update is needed, but that might change.
    • Determine how the updates will be done, and whether it will interrupt service or require a site visit (the best manufacturers ensure updates are performed both remotely and semi-automatically).
  2. On the client-side, Windows is quick off the mark and an update will be issued via their automatic system. Most Linux users could be OK, but the Apple situation is unknown. Making this information available may be reassuring to your users.
  3. Inform your staff and give them some text, based on feedback from your supplier and this note.
  4. Keep monitoring official sources. Searching “Krack” + the name of your manufacturer should take you to an official notice for your devices.
This is an opportunity to demonstrate the benefits of serviced workspace. The key is not to panic, but be informed and be proactive.

You have not added any business centres, partners or brokers to your shortlist, do you want to continue?