KRACK WPA2 security vulnerability update

By Peter Lambert | October 18, 2017

Wi-fi Security

Late Monday a serious vulnerability in the Wi-Fi security protocol known as WPA2, was announced worldwide.

This vulnerability has been named KRACK, a portmanteau of Key Renegotiation Attack. WPA2 is used universally as the most secure of the wireless encryption protocols, the previous protocols being WEP and WPA. This vulnerability applies also to WPA, and WEP has been compromised for more than a decade and is therefore rarely used.

The KRACK vulnerability allows a hacker (who must be well equipped, experienced and within range of your Wi-Fi signal) to imitate a Wi-Fi Access Point (WAP) and force a legitimate device on the network to switch to the imposter Access Point. At this point the rogue Access Point is able to capture unencrypted traffic from the victim, as well as inject data into the data stream.

What this means for the victim, is confidential or security information can be collected, such as website passwords, banking credentials and credit card numbers. Malicious code can be injected to start another kind of cyber-attack on data, PCs or other devices.

As this vulnerability lies in the WPA2 protocol, changing your access key (the password you enter to join a wireless network) will not help at all.

The only protection against this vulnerability is to update the firmware on your devices. This includes Windows operating system updates, Android and Apple phone updates, and of course updating your Wireless Access Points as well.

Some of these updates will happen automatically, and in some cases this has already happened. For example, Microsoft has already released a patch for this vulnerability, and Android phone users (Samsung, Sony, LG etc.) will receive an update around the 7th of November.

Please note that to this point there have been no known abuses of this vulnerability. Manufacturers have had three months now to prepare, with the hope that by the time of the official announcement (17th October 2017) that a maximum amount of preparation could be done to minimize any window of opportunity for malicious actors.

This is a timely reminder that as we move to an ever more connected world, security risks will continue to rise, so it’s important to take the time to read security advisories and to protect yourself accordingly.

How can Diamond help?

Contact us today to discuss any concerns you may have regarding this recent announcement for your business or if you have any other IT and Communications needs. Call us on 1300 307 907 or contact us via our online contact form below.


Contact Us - We're here to help


TAGS: Managed IT Services, News and General, IT Security

About the Author
Peter Lambert

Presales Consultant, Carrier Solutions Specialist & Security Blogger @ Diamond IT - I have over 25 years of experience in Information & Communications. My range of skills is diverse and includes extensive experience in desktop solutions, server and network presales and administration, VOIP phone systems, journalism, creative writing, technical writing, digital videography and audio visual streaming. I hold a Certificate IV in Training and Assessment, and I am an experienced classroom trainer and course coordinator. I hold an Advanced Diploma in Network Security, a Diploma in Network Administration, and a Certificate IV in Networking. I am a Cisco Certified Network Associate (CCNA) and Microsoft Certified Solutions Associate (MCSA).