A KRACK in the Wireless Armor 

We were recently published in Security Dealer & Integrator magazine and featured online on the industry leading website, SecurityInfoWatch. The article, titled “A KRACK in the Wireless Armor” was published in February (Vol. 40, No. 2).

We’ve included the first few paragraphs of article below. You can read the full version by visiting the SecurityInfoWatch website and flipbook.

A KRACK in the Wireless Armor

You know the way business is these days – it is all about providing valuable services that make a customer’s life more convenient, safe and secure. That also means trying to help customers on the cybersecurity front, so their information, video streams or other system data is not compromised. Unfortunately, that is getting harder to do in today’s reality, where new threats are emerging almost daily and you have to know how to try to actively prevent, detect and monitor these types of activities. This applies to your customers as well as your own business.

Customers look to systems integrators as their hired expert advisors, relying on them to make design and product recommendations that are the best fit for their organization. So, what should a systems integrator do if the product itself has a defect; or potentially even worse, a security vulnerability or “back door” to gain access?

Case in point: It has been four months since the KRACK wireless vulnerability discovery was made public in October 2017, yet there are still devices currently deployed and in operation which have not yet been updated to address this threat.

Inside the KRACK

KRACK, short for “Key Reinstallation Attacks,” is a weakness discovered by Mathy Vanhoef – a postdoctoral researcher with the iMinds-DistriNet Research Group, KU Leuven University, Leuven, Belgium – in the Wi-Fi network security standard WiFi Protected Access 2 (WPA2).

According to Vanhoef’s report, the flaw – which affected millions if not billions of devices – may enable an attacker to deploy a method that allows them to read information which was previously assumed to be encrypted during wireless transmission. The technique involves “tricking” devices to reinstall an already in-use encryption key, resulting in potentially allowing traffic to be intercepted and decrypted.

Unlike many vulnerabilities discovered in the past, KRACK does not just affect a specific manufacturer or product – the weakness is in the Wi-Fi standard itself and therefore most devices that support WPA2 are at risk. The result may potentially be the theft of sensitive data being transmitted over the wireless network and devices in danger include Wi-Fi routers, smartphones, thermostats, security cameras, speakers and really, any kind of wireless internet-connected device.

Read the Full Article

Resources & insights

Why You Could Be Denied Cyberattack Insurance Coverage
Blog
Why You Could Be Denied Cyberattack Insurance Coverage
As you’re working toward achieving robust cybersecurity, the subject of cyber attack insurance coverage and cybersecurity insurance requirements is sure to enter the discussion.
Cost of a Cyberattack vs. Cybersecurity Investment
Blog
Cost of a Cyberattack vs. Cybersecurity Investment 
Detailing the cost of a cyberattack versus the ROI of a cybersecurity investment enables leadership to see cybersecurity solutions are worth it.
Defendify Listed as a High Performer in Six G2 Grid Categories
Blog
Defendify Listed as a High Performer in Six G2 Grid Categories
The Defendify Cybersecurity Platform has been listed as a High Performer in six Summer 2022 Data Security Software Category Reports on the technology review site G2.

Protect and defend with multiple layers of cybersecurity

Defend your business with All-In-One Cybersecurity®.

Explore layered
security

Learn more about Defendify’s three key layers and All-In-One Cybersecurity®.

How can we help?

Schedule time to talk to a cybersecurity expert to discuss your needs.

See how it works

See how Defendify’s platform, modules, and expertise work to improve security posture.

Take the first step toward comprehensive cybersecurity with a free Defendify Essentials package

Gain access to 3 award-winning cybersecurity modules. Nothing to install. Nothing to pay for.