- Claims & Risk Management
- No comments
Recently, Mathy Vanhoef, a researcher from a Belgium university, discovered a security flaw in Wi-Fi Protected Access II (WPA2)—a protocol that secures almost all modern, protected Wi-Fi networks. Through this newfound vulnerability, hackers can potentially gain access to encrypted information using what is called a key reinstallation attack (KRACK).
Any organization or individual that utilizes Wi-Fi is at risk for an attack, and hackers can use the KRACK method to steal sensitive information like credit card numbers, passwords, chat messages, emails, photos and most data that is stored or transmitted online.
What’s particularly troubling about this cyber threat is that it’s not tied to a specific machine or software and is more so a flaw in how WPA2 was originally designed. Essentially, all a hacker needs to do to access your protected information is to be near your Wi-Fi access point and execute a script that tricks a system into bypassing the security. Not only does this allow cyber criminals to eavesdrop on network traffic, but they can also infect connected machines with malware.
While Vanhoef demoed the vulnerability using an Android operating system, it’s likely that KRACK can be used against a number of others, including Linux, Windows and macOS.
Thankfully, KRACK can be controlled with patches, and Vanhoef warned many companies of the security flaw long before publishing his findings, giving them time to develop a solution. It’s possible your network may already be fixed.
Preventing Wi-Fi Hacks
However, there are still a number of precautions businesses and individuals should take, including the following:
- Update all laptops, smartphones, smartwatches and other devices that can be connected to Wi-Fi.
- Be cautious about using any hardware that has not yet been patched, as any information stored or transmitted on that device could be compromised.
- Contact your internet service provider to determine if you need to update your network.
To read the original findings on KRACK, click here. The Safegard Group, Inc. will continue to provide updates on this story as necessary, contact us if you’re concerned about your cyber liability related to this news.