In recent weeks, security researchers have discovered a major vulnerability in Wi-Fi Protected Access 2 (WPA2) — a type of encryption used to secure most Wi-Fi networks. The vulnerability has been nicknamed “KRACK” (Key Reinstallation Attacks) and can likely impact any device that is connected to a Wi-Fi network whether it be at the office, home, or coffee shop. KRACK, when successfully exploited, could allow attackers to intercept and steal data transmitted across a Wi-Fi network. This could also include personal data stored on connected devices – such as driver’s license number, Social Security number and credit and debit card numbers. As with any stolen personal data, attackers can use this information to commit identity theft.
Fortunately, since device manufacturers and software companies are aware of this vulnerability, it can be fixed with a security update. While waiting for the update, consumers are advised to use connections that are not affected, such as a 4G carrier connection or a direct internet connection through an Ethernet cable.
The Federal Trade Commission offers the following tips for protecting sensitive information:
- “Keep up with the latest updates for your software and devices, including updates for your smartphone, computer, and any IoT devices you design or use in your business [and home].
- Avoid sending sensitive information over public Wi-Fi, whether or not it’s encrypted.
- When you do send sensitive information to a website, make sure the address starts with “HTTPS” – this will at least ensure the data you send to that one website is encrypted.
- A VPN (Virtual Private Network) app or service can give you another layer of protection for your sensitive business data. VPNs encrypt traffic between your computer and the internet – even on unsecured networks.”
Source: KrackAttacks.com and Federal Trade Commission
For the original article, visit Key Reinstallation Attacks and Businesses Beware: Researchers Spot Bug in Wi-Fi Network Encryption – United States Federal Trade Commission, www.ftc.gov – not subject to copyright protection. 17 U.S.C. 403.