October 16th 2017, US-CERT publicly disclosed a vulnerability at the core of the WPA-2 encryption protocol. This vulnerability affects nearly every modern encryption configuration used for transmitting information across the internet, especially Linux and Android devices. The KRACK exploit was discovered by security researcher Mathy Vanhoef before it could be implemented for widespread misuse; however, now that this issue is public knowledge, it is extremely important for businesses to update their systems to protect against it.
How Serious is this Vulnerability?
In terms of how harmful this exploit can be, it is extremely serious:
- It can be used to steal any encrypted information that is transmitted from or received by your computer or mobile devices.
- It can be used to inject various forms of malware into local networks and website.
- It affects all kinds of internet enabled devices; however, the most serious threats of injection are specific to Linux and Android.
The good news here is that a hacker needs to be within range of someone’s wifi network to implement it; so, the likelyhood of it being used against your home computer is fairly low. The most likely candidates for this attack are big businesses and smaller businesses that handle secure information.
Due to the potential damage that this exploit could cause, we strongly urge our clients to review their local networks to ensure that all of their connected devices are properly patched.