Please be aware of an exploit called ‘The KRACK’ or ‘Key Reinstallation Attack’ that takes advantage of a vulnerability in wireless connections, making it possible for an attacker to view, or at worse take advantage of an encrypted wireless connection.
The exploit impacts clients (Windows, Linux, MacOSX, iOS, Android to name a few) and access points alike. It is possible to patch clients and patches should be forthcoming from the mainstream vendors, as well as the access point firmware. Applying either one will mitigate this issue.
The main vendors, such as Cisco Meraki have already released patches for their access points and automatically applied.
Google and Apple are preparing to release patches for the flaw, while Microsoft said that it has already issued patches for Windows 7, 8 and 10, which were pushed out to users last week.
The Wi-Fi Alliance – the governing body that maintains the Wi-Fi standard – has already reassured users that the problem will soon be addressed. “This issue can be resolved through straightforward software updates,” the group said in a statement, “and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users.”
“There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections.”
If you are concerned about your wireless network and would like to speak to one of our security experts please contact us today on firstname.lastname@example.org or 01329 239900.