WPA2 – wireless encryption is flawed and open to attack.
Wireless hardware and software have been through many improvements since the original 802.11b “Wi-Fi” standard was launched. Some of the earlier encryption methods were found to be flawed, so WPA2 was created and released to replace them. This has worked well since WPA2 was rolled out in 2004, but a couple of serious flaws have just been exposed, which means that ALL Wi-Fi connections using WPA2 are now at risk. Routers, access points, laptops, phones and anything else with a wireless connection (not Bluetooth) need to be updated to fix this issue.
Silicon Bullet will be contacting our clients to engage in security review and updates as needed.
Most vendors were alerted to this issue a couple of months ago and have updates ready, or nearly ready, that can be installed to upgrade kit to mitigate/obviate this flaw, known as KRACK.
Devices that need to be checked for updates include:
- Laptops (Windows, macOS, Linux etc.) – Patches are available for Windows (and should already be installed with Automatic Updates), but Apple products and Android-based products are particularly at risk at the moment, pending release of updates
- Phones (iOS, Android etc.)
- Tablets (iPad, Microsoft Surface, Android etc.)
- eReaders (Kindle, Nook etc.)
- IoT devices
- Internet Personal Assistants (Amazon Echo/Dot/Alexa, Google Home, Apple HomePod)
- Home automation (door entry, lighting, HVAC, thermostats etc.)
- Home entertainment (TVs, HiFi, games consoles, media servers)
- Connected (Internet) appliances etc.
- Wireless repeaters or bridges
- A router using WiFi as its Internet connectivity source
- WiFi-enabled IP Cameras (CCTV) or WiFi baby monitors
- Connected motor vehicles (cars)
- Any other client device using WPA2
For more details, see this write-up from Wired: KRACK