What You Should Know About the WPA2 "KRACK" Wi-Fi Vulnerability

Posted by Kevin Davis - October 17, 2017 - Important Information


On Monday, October 16, 2017 researchers released new information announcing a security vulnerability affecting encrypted Wi-Fi networks worldwide.

The vulnerability allows attackers to read Wi-Fi traffic between devices and wireless access points, and in some cases even modify the traffic to inject malware and malicious websites. Devices running macOS®, Windows, Apple iOS, Android, and Linux will be affected by this vulnerability. 

The portion of Wi-Fi affected is within the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. This is a popular protocol used to protect professional and personal Wi-Fi networks. Data that could be intercepted may include passwords, personal emails, and information typically deemed encrypted. 

For those organizations that are not covered under our SafetyNet Managed or Enterprise programs, here are some simple steps your business can take to protect against this vulnerability:

  • Apply this Microsoft security update immediately
  • Ensure you are using supported operating systems and applications
  • Apply the latest patches as soon as they become available (for all software and firmware applications)
  • Ensure that all of your systems are protected by antivirus and anti-malware software, and ensure that the virus and malware signatures are updated automatically and consistently
  • Conduct regular scanning of your network 

If you feel this, and many other, vulnerabilities may be lingering within your infrastructure, you may consider bolstering your network with managed vulnerability scanning and patching tools. Click here to learn about SymQuest's Managed+ solution for your business. 

We also recommend designing Disaster Recovery (DR) and strategic IT plans to mitigate future risks, and to ensure that if one safeguard fails, that others will still be there to protect you, your systems, and your information. Click here to learn about SymQuest's comprehensive security assessment which can highlight the areas of your network that need remediation. 

For more information on the KRACK vulnerability visit https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/ 

To stay up to date on the latest news about network security and vulnerabilities subscribe to Tech Talk today.

about the author

Kevin Davis

Kevin Davis is currently the Vice President of Service and Support for SymQuest, and is based in the South Burlington, VT and West Lebanon, NH office locations. Davis is responsible for the network and client support teams at SymQuest. Davis started with SymQuest in April of 2007 as an Incident Response Engineer. His love for customer service and technology quickly led him through various engineering positions where his passion for process improvement and motivating team members advanced him to management positions with increasing responsibilities leading to his present role as Vice President of Service and Support. Kevin holds many industry IT certifications and was a member of True Profits Group.

Kevin Davis