The KRACK vulnerability threatens ALL wifi-enabled devices.  Everything from routers to computers to smart thermostats can be exploited so a hacker can intercept your data!

Newsletter Subscribers:  Click here to jump to Useful Resources

Here’s what you can do:

  1. Don’t worry about changing passwords (although it’s always a good idea to frequently update them)…it won’t protect you from this type of attack.
  2. Make sure all your devices are updated. Update your computers first, then your networking devices, then your mobile devices, any industrial control systems (ICS) or medical equipment, and finally your other connected devices (the IOT aka Internet of Things ones).

The problem with Item 2 is that while researchers have made manufacturers aware of this months ago, not all devices have patches yet.   KRACK was announced to the public 2 days ago, and yet many vendors are not yet reporting patches, while others claim they are not affected.  Microsoft immediately released an update for Windows on Oct. 10, while Apple only has patched beta updates (or at least they’re leaking that to the tech press, as they haven’t notified US-CERT at Homeland Security).  Other vendors, like Cisco have some patches but are still testing many of their devices.

What are we doing about KRACK

For the last few days, we have been reviewing client records and are flagging devices and updates for follow up.  We will update what we can, but have to wait until the various vendors announce patches.

If you need help with your updates, contact us!

Useful Resources

 

KRACK in Wi-Fi security: Everything you need to know

A good straightforward explanation of the vulnerability and how to deal with it.

https://www.cnet.com/news/krack-microsoft-windows-amazon-frequently-asked-questions/

Related video:

(Video may load slowly.  Click here if you’re having trouble viewing.)

KRACK Attacks: Bypassing WPA2 against Android and Linux

Researcher Mathy Vanhoef demonstrates his discovery of the vulnerability.

 

Vendor Information for VU#228519

Official CERT tracking of manufacturer responses to this vulnerability.

http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4

 

And if you need our help securing your devices!

Click for help:  http://t2d.la/help

 

 

 

#OnlineThreat - KRACK