On October 16, 2017, security researcher Mathy Vanhoef publicly disclosed a serious vulnerability in the WPA2 encryption protocol. This Wi-Fi vulnerability affects millions of routers, smartphones, PCs, and other devices, including Apple’s Macs, iPhones, and iPads. By using a key reinstallation attack, dubbed Krack, an attacker can exploit the weaknesses and gain access to sensitive information such as credit card numbers, personal information, passwords, usernames, photos, and business data that is accessed via the Wi-Fi in question.
While this latest attack has many computer and mobile users concerned, it is not yet time to push the panic button. There are still steps that you can take to protect your information. In fact, only six weeks after the event, most operating systems have a patch and workaround planned that will eliminate this weakness. Apple has announced that it already has a fix for the vulnerability affecting Wi-Fi routers across the board. The only catch is that the solution is currently available only as part of the latest beta version of iOS, 11.1 Developer beta 3. Google was also reported to be releasing a patch in early November to secure Wi-Fi connections on Android devices. In the meantime, here are a few suggestions to help you exercise caution and keep the Krack attack from affecting you and your sensitive information.
Protect Yourself from Krack
- Avoid using public Wi-Fi, but if you must, stay away from any personal or business activities such as banking, business software, CRM, patient management software, or Medical EMR applications.
- Consider using a VPN (Virtual Private Network), which means that all your network traffic (not just your web browsing) is encrypted from your laptop or mobile device to your home or work network, even if it travels over an unencrypted connection along the way.
- Companies that deal with sensitive client data and material should avoid accessing any sites that contain PII or PHI unless using a secure VPN, as that data could be at risk.
- Be sure to install the patches that are available from Apple and Microsoft, and follow your IT department's instructions for safeguarding business data.
Check back with M&H Consulting as we stay on top of recent breaches and will keep you up-to-date. Call M&H Consulting at 1-(866)-964-8324 or visit our website at http://www.mhconsults.com