It is called “Key Reinstallation Attack” or KRACK for short and can be used by cyber-criminals to bypass WPA2 network security and read information that everyone assumes is encrypted and secure. This will allow criminals to steal sensitive data passing over wireless networks, such as passwords, credit card numbers, emails, chat messages, photos, etc.
According to Vanhoef, this particular attack affects all Wi-Fi networks using WPA2 encryption. Code for the full exploit will be made available once manufacturers have been given enough time to patch their products; however, this won’t stop hackers from using the information to create their own attacks.
What to do: Immediately install any firmware upgrades from your manufacturer as soon as fixes are available. If you do not receive a notice of a fix from your manufacturer, contact them immediately.
Older Wi-Fi equipment may need to be replaced, and XSolutions suggests using business-class wireless access points in addition to a real security gateway firewall to protect your network.
If you are an XSolutions Managed Services client, we will be working to help ensure your network is updated as new firmware comes out and will advise of any necessary changes.
Further background on this exploit can be found here.
XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions, whose systems protect 250+ Petabytes of data with over 800 employees around the globe. Call (845) 362-9675 and let’s discuss your specific needs.