You may have heard something in the news about the WPA2 Security Vulnerability, aka KRACK WiFi vulnerability. We’re here to help explain what it is and what you can do to help protect your company from a potential attack.
What to know
- WPA2 is one of the most widely-used security protocols on WiFi networks.
- It was recently determined that there is a weakness in WPA2 protocol that may compromise the privacy of your company’s WiFi connection.
- As a result, any information transferred on a non-secure website may be vulnerable to a Key Reinstallation Attack (KRACK), whereby others could eavesdrop on your data and/or potentially attack your network.
- To take advantage of a possible wireless network vulnerability, the attacker needs to be in physical proximity of your WiFi network.
- Connections to secure websites are still safe, as are other encrypted connections such as virtual private networks (VPN) and SSH communications.
- You can determine whether a website is secure or not by looking for the padlock icon in the website’s address bar or the letters “https” in the URL. If either is present, the website supports HTTPS and is secure.
What to do
Apple and Microsoft have already released security updates to address this issue. Make sure you install them if you use their operating systems. Once updated, these devices will not be vulnerable to this type of attack, even when connected to a router or access point that is still vulnerable.
Consider what devices may be connected to WiFi in your home and make sure you have installed all recent updates.
It is also good practice to update your anti-virus software. While it does not protect specifically against this type of attack, it may help protect your device from viruses or malware.
Plug in if you’re worried.
This KRACK vulnerability only applies to WiFi connectivity. You can always use an Ethernet cable to connect your modem/router directly to your computers or streaming devices.
We are following industry-wide updates and working closely with our modem/router partners to remain up to date on this issue. If there is any action required on your part such as installing a firmware update, we will contact you about next steps.