A significant vulnerability in the security for wireless communication (WPA2), has been discovered. the vulnerability is called KRACK.
A hacker using this vulnerability could access your usernames, passwords, and any other information sent over wireless communication. The hacker could also take control of your computer, smartphone, or tablet.
Here are the limitations: The hacker would have to be within wi-fi range of your device. Also, most sensitive information is also encrypted by secure HTTP (HTTPS), meaning the hacker couldn’t access HTTPS-encrypted information.
The fix for this vulnerability will have to come from each equipment manufacturer. Our computers, smartphones, tablets, routers, security cameras, (any device that operates over wi-fi), will need to be updated.
If you have a router from your Internet Service Provider: Comcast, AT&T, Wave, etc., they will likely update it automatically. If you are using your own router, it will probably need to be manually updated once the update is available.
As of October 18, 2017, here’s the status of some common devices:
- Microsoft has already released a fix on October 10 th, so if you’re using an updated and supported Windows device, you’re ok.
- Google and Samsung devices are listed as vulnerable.
- There is no information listed for Apple, but we can assume their devices are vulnerable until we hear otherwise.
What to do
- Don’t use public wi-fi if at all possible.
- Be super-careful about sending sensitive information over wi-fi (usernames, passwords, social security numbers, credit card numbers). If you must perform sensitive transactions over wi-fi, make sure that the little padlock symbol shows in the top line of your browser, to ensure you’re using HTTPS.
- Keep all your devices updated.
- Use hard-wired connections whenever possible.
Here are some links for additional information:
This is the official government advisory: https://lamorindatechnology.us7.list-manage.com/track/click?u=59906339194d9866bd4c8e2fd&id=f33c9a338d&e=9f2fc020ee
This is an updated list of update status by vendor: https://lamorindatechnology.us7.list-manage.com/track/click?u=59906339194d9866bd4c8e2fd&id=8ce87d873a&e=9f2fc020ee
The following are two articles that provide useful information:
Hopefully, the vendors will put out updates quickly.