Yesterday a serious vulnerability was discovered and publicly disclosed in the WPA2 encryption protocol. Most wireless devices and routers rely on WPA2 to encrypt Wi-Fi traffic so if your customers own a wireless device, chances are they are affected. The latest vulnerability known as KRACK (key reinstallation attacks) allows attackers, within proximity, to view unencrypted traffic on a wireless network. This is traffic that was previously assumed to be encrypted by WPA2. This could give hackers visibility to your personal information such as credit card numbers, passwords, messages, email, photos and more. Depending on the configuration of the network it is also possible for hackers to inject malicious threats such as ransomware or other malware into websites.
While WPA2 is the most secure methodology in general use to encrypt Wi-Fi connections it’s unlikely that you have many customers relying on it solely. Every time someone accesses a secure HTTPS site, there is a separate layer of encryption, protecting them from unwanted viewing. Hopefully your customers don’t have much info going over your network that relies solely on the encryption WPA2 offers.
To make it clear, this is not a device vulnerability but rather a weakness in the WPA2 wireless standard. Therefore, if a device supports Wi-Fi, it is most likely affected.
We recommend that your customers update all of their wireless devices operating systems and firmware immediately. Most device manufacturers have a patch for this, and if they don’t, they will soon. If you provide routers or modem/router combos to your customers, you should have them updated as soon as possible. When possible, direct your customers to turn on auto updates on their devices. You can bet this will not be the last vulnerability found. We also recommend that your customers have a solid anti-malware, anti-ransomware solution in place for protection. SecureIT Plus, (included in all Tech Home packages), maximizes protection for your residential customers while SecureIT Pro (included in Tech Office) helps keep businesses safe.
If you subscribe to Wi-Fi Support you can have those covered customers call us directly at 1-833-776-9434 for assistance if necessary. Our proactive Wi-Fi Support checklist includes checking for firmware updates on customer’s wireless devices. Contact us for details on Tech Home, Tech Office and Wi-Fi Support at 1-877-725-4839 or email partners@securitycoverage.com.
We will keep you updated if there are further developments.