With news of the WPA2 KRACK (Key Reinstallation Attack) vulnerability – a security protocol flaw impacting nearly every Wi-Fi device– spreading quickly across the internet today, security professionals and novices alike are looking for clear guidance on what to do.
With headlines like Serious flaw in WPA2 protocol lets attackers intercept passwords and much more and WPA2 security flaw puts almost every Wi-Fi device at risk of hijack, eavesdropping, it’s easy to understand why so many security pros woke up to another huge headache today.
We asked our new Director of Cybersecurity Advocacy John McCumber to break down this news for us.
Here is how he summed it up:
“This weekend, the IT world woke up to the exposure of the KRACK exploit of the ubiquitous wi-fi encryption protocol knows as WPA2. More specifically, it affects the authentication scheme. Oddly enough, you have less exposure with iOS or a current Windows OS as the nonstandard implementation of the protocol on these two operating systems makes them less vulnerable than Android devices.
The breathless media and hype cycle has followed as could have been easily predicted. It is certainly a widespread and significant vulnerability, but a potential attacker would need to be physically nearby, thus making it more a concern for busy public wi-fi access points. Microsoft has already released a security update.
So when you friends and neighbors ask what they should do, make sure to tell them to keep their systems patched to current releases as soon as possible. It’s nothing to panic about, but prudent precautions for the use of public Wi-Fi access should be observed until this vulnerability has been fully addressed.”
What do You Think?
Are you scrambling to find a long-enough Ethernet cord yet?
What does the KRACK exploit mean for you or your organization?
What do you think are the full implications for what ZDNet called “a total breakdown of the WPA2 security protocol”?