You may have seen the news about the “serious weaknesses” in the Wi-Fi security protocol WPA2. The exploit, first reported by Ars Technica, made headlines everywhere from TechCrunch, The Verge and ZDNet to Time and Wired. Security researcher Mathy Vanhoef of KU Leuven discovered the vulnerability affecting “all modern protected Wi-Fi networks.”
Key Reinstallation Attacks (KRACKs) disrupt the 4-way handshake to circumvent existing Wi-Fi security protection. Attackers can steal passwords and other private data, as well as inject ransomware into websites.
How serious do you think this is for your organization? Do you anticipate spending time this week to investigate and act?
Vanhoef acknowledges that some of the scenarios might be “impractical,” but breaches can occur against devices running Android, Linux, macOS, and Windows. It’s advisable to keep using the WPA2 protocol and to install updates as soon as patches become available for your devices, such as mobile phones, routers, and IoT devices. (FYI, the Microsoft Windows updates released on October 10th for supported OS versions protect customers against this problem.)
Social commentary ranged from resigned to sarcastic – what is your position? Let us know what implications you see. For instance, is your security layered, so access in one area won’t compromise everything across your organization? Or do you need to increase VPN use?
Is it time for a new Wi-Fi security protocol, or are patches sufficient in our increasingly mobile and digital landscape? Post your reply below to share your thoughts.