KRACK Vulnerability on WiFi- Kelsey Networks Response
Researchers on Monday announced that they had found a gaping security hole in WPA2, one of the most popular Wi-Fi communications encryption standards. But the exploit they uncovered, that could allow hackers to steal even encrypted wireless data dubbed ‘KRACK’, can be foiled by software updates, the major tech hardware and software vendors quickly started announcing those fixes this week.
Consumers should act just as quickly to patch their phones, laptops, Wi-Fi base stations, and other gear. Almost every company that included wireless capability in their devices or software needs to issue an update, as this exhaustive list compiled by the government-sponsored U.S. Computer Emergency Readiness Team indicates. The list includes links that will be updated to each company’s patches or recommended fixes.
Among the biggest names in the tech market, Microsoft said it has already eliminated the security hole in an update to the Windows operating system that was issued on 10th October. “Customers who apply the update, or have automatic updates enabled, will be protected,” the company said in a statement.
Apple said it was almost ready to issue to a patch for its mobile iOS software, computer MacOS software, and other operating systems. The fix is included in beta software that is currently being tested, the company told web site iMore. Once testers finish wringing the bugs out of the beta versions, Apple will issue them to customers.
Google, which oversees the Android software running on more than three-quarters of smartphones worldwide, seemed to be somewhat further behind. “We’re aware of the issue, and we will be patching any affected devices in the coming weeks,” the company said in a statement. Even after Google completes its work, the challenge remains to get the patch out to all Android users. Because it is controlled in part by wireless carriers around the world, the Android ecosystem sometimes struggles to distribute security patches.
Among major networking hardware vendors, Cisco Systems said it had patches available for some products, but was still assessing what else it might do to eliminate the vulnerability in additional products. Intel, which makes wireless chip sets that include WPA2 also issued a lengthy list of affected products and updated driver software to close the hole.
Kelsey Networks are responding by working through it clients to identify if their WiFi systems are affected and applying fixes as they are released.
For those on cloud managed systems this will be a remote update as the updates appear.
Please note the WiFi systems we install separate out the company data and guest data to ensure privacy, based on this the ‘Krack’ it mainly affects the guest systems relying on WPA2 encryption, those with unsecured connections for guests typically accept the open unsecure nature of the connection, however we will be updating these access points as well.
The solution is based on two elements;
- Ensure patching or firmware is brought up to date on your access points
- Actively promote your guests to update their devices to the latest version or patch
If there are any questions you have please contact us;