KRACK - What is it and what does it mean for your Business?


We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.


What does it mean for your Business

If you use wireless in your organisation you are probably using WPA2 , which means this exploit effects you. Intruders can use this attack to listen to passwords and sensitive company information. Your Wireless Manufacturer being Draytek, Netgear, Meraki or Ubiqiuiti are currently realizing updates which will need to be applied to your device to protect against this.

Microsoft will release a fix for Windows 10 on October 17th, along with several extra features.

iOS devices are already patched for this problem. Android phone manufactures will be releasing updates as well as Linux Distro's.