All joking (and turn of the century internet meme’s) aside, this is a VERY BIG DEAL.
“KRACK” stands for Key Reinstallation AttaCK. When executed in a specific way, a third party would be able to eavesdrop on your network turning what should be private conversations into ones that could be listened in on.
The vulnerability is in WPA2, the encryption protocol that virtually all WiFi devices and networks in the world use.
Mathy Vanhoef and Frank Piesons at IMEC-Distrinet Research Group, Ku Leuven discovered this vulnerability and it is a doozy. But the good news is that unlike the vulnerabilities and hacks that rendered WEP useless and obsolete, this vulnerability can be patched.
If you want to deep-dive into the technicalities of the vulnerability, check out Vanhoef’s page at https://www.krackattacks.com
For a faster, more high level review that isn’t as technical but still quite informative, check out this video from Time Magazine:
So what do we do?!!!!!!
First off, take a deep breath … we’re here for you.
Keep in mind, inherently there is a little (emphasis on little) bit of physical security in WiFi due to the fact that the attacker needs to be close by. So the whole internet isn’t going to be able to hop into your network right out of the gate. It’s still very little in terms of protection, but important to keep in mind before you start ripping cables from walls and devices.
Here’s the bottom line
The only thing you can do aside from turning off all WiFi in all of your devices and stay hard-wired for the time-being … is wait.
Manufacturers are scrambling working on patches to fix all of their devices as we speak. Once those updates are out, update EVERYTHING to the latest patches and software. And we mean EVERYTHING. In this new Internet of Things world we live in, almost everything in your life will need a patch:
- Naturally network stuff like routers & WiFi access points
- Your computers, laptops, tablets, smartphones will need patches
- Got those fancy Phillips Hue lights? How about those Lutron lights that you can control with Siri or Google Home? They ALL need patches.
- You have one of those new Smart Fridges or Washing Machines? Patch.
- You have a Tesla? How about a Ford with Sync 3? Yep, your CAR needs a patch too!
So you can see the list of devices and manufacturers impacted is … well, almost everything! The good news is that there is a lot of motivation to fix things as quickly as possible.
One last thing though. It’s important to point out 2 companies in particular for being on top of this and showing why they deserve your hard earned dollars:
- Microsoft – They actually quietly patched Windows against this vulnerability LAST WEEK. (don’t get so smug Windows users … you may still need driver updates from manufacturers to be totally safe)
- Ubiquiti Networks – They were among the very first to issue a patch to all of their networking gear that was impacted right after it was made public! To put things into context, Cisco still hasn’t pulled that off and said it may be a few weeks before they can. (we’re guessing they’ll do it faster, just being conservative in their estimates)
Give us a call if you want to talk about buying and installing Ubiquiti wireless networks. If anything this vulnerability shows, is that they take security quite seriously. Within 24 hours of this vulnerability going public, all of our corporate maintenance customers using Ubiquiti products were fully protected.
That’s significant when even Google is saying that the company is “aware of the issue, and we will be patching any affected devices in the coming weeks.”
Stay safe out there.