Don’t Let This One Slip Through The KRACKs 

Wi-Fi is everywhere—we can barely function at work, home or on the go without it. We live in a connected world and we ♥ wireless. It’s built into our phones, laptops, thermostats, cameras, locks, refrigerators, and more. The list goes on and on, welcome to the Internet of Things (IoT)!

Devices often connect wirelessly through WPA2—a security protocol most have heard of and many have even deployed (remember setting up that home router or wireless printer?). It’s just about everywhere.

Bad news: WPA2 has a great big hole in it.

Things changed this week with the discovery of a major vulnerability at the heart of WPA2. Experts say “if your device supports Wi-Fi, it is most likely affected.” In other words, the majority of Wi-Fi devices we’re using today are now open to attack. We’re not just talking wireless routers, we’re talking anything that communicates over Wi-Fi: Phones, laptops, TV’s…you name it.

Using what is now known as a KRACK attack—KRACK is short for short for “Key Reinstallation Attack”—an attacker can intercept and manipulate traffic between devices and routers. The bad guy can see and steal things they’re not supposed to (e.g. passwords, confidential emails, financial information) and potentially run malicious commands (e.g. transfer money, install malware) on our devices.

Good news: We have a fighting chance.

Unlike many of the recent attacks in the news, what we know right now is that an attacker needs to be in range of the network to perform a KRACK attack. Physically in proximity and armed with the right set of skills. Additionally, when traffic travels over HTTPS—as it does on many websites—an attacker can’t look at it.

Manufacturers are scrambling to develop and release patches to fix the security vulnerability in their devices. According to TechCrunch on 10/17/17, “Microsoft already published a KRACK fix, Apple and Google are working on it” and the community is moving fast to spread the word. For example, check out Here’s every patch for KRACK Wi-Fi vulnerability available right now from ZDNet. But keep in mind, while some have made strides, there is a lot of work to be done given the sheer number of manufacturers, many of which need time to develop and test patches prior to release.

Don’t let this one slip through the KRACKs

  • Be vigilant and get your devices updated ASAP. For example, Microsoft released a patch last week. If you’re running a Windows device, put those updates through now.
  • Be aware and know that many devices don’t automatically update like some computers do. You may need to contact manufacturers and vendors to learn how to run an update manually.
  • Get started with your wireless router and then move to every Wi-Fi enabled device (check out Bleeping Computer’s List of Firmware & Driver Updates and CERT’s Vulnerability Notes Database to see where device manufacturers stand).
  • Consider using an extension like HTTPS Everywhere to improve safety when browsing the web.

While it’s rare something like this happens on such a large scale, the discovery of security “holes” in products happens every day. As you continue to install and use more wireless devices, remember to put updates through early and often and take quick action when weaknesses and risks are discovered.

Stay Safe,

Your Friends @ Defendify

Resources & insights

Why You Could Be Denied Cyberattack Insurance Coverage
Why You Could Be Denied Cyberattack Insurance Coverage
As you’re working toward achieving robust cybersecurity, the subject of cyber attack insurance coverage and cybersecurity insurance requirements is sure to enter the discussion.
Cost of a Cyberattack vs. Cybersecurity Investment
Cost of a Cyberattack vs. Cybersecurity Investment 
Detailing the cost of a cyberattack versus the ROI of a cybersecurity investment enables leadership to see cybersecurity solutions are worth it.
Defendify Listed as a High Performer in Six G2 Grid Categories
Defendify Listed as a High Performer in Six G2 Grid Categories
The Defendify Cybersecurity Platform has been listed as a High Performer in six Summer 2022 Data Security Software Category Reports on the technology review site G2.

Protect and defend with multiple layers of cybersecurity

Defend your business with All-In-One Cybersecurity®.

Explore layered

Learn more about Defendify’s three key layers and All-In-One Cybersecurity®.

How can we help?

Schedule time to talk to a cybersecurity expert to discuss your needs.

See how it works

See how Defendify’s platform, modules, and expertise work to improve security posture.

Take the first step toward comprehensive cybersecurity with a free Defendify Essentials package

Gain access to 3 award-winning cybersecurity modules. Nothing to install. Nothing to pay for.