In the cybersecurity world, Monday, October 16th was labeled as “Black Monday” due to the discovery of two major Wi-Fi vulnerabilities discovered in system software One vulnerability was discovered by researchers at a university in Belgium and is being referred to as “KRACK”, which is short for Key Registration Attacks. The other is referred to as “ROCA”, which stands for Return of Coopersmith’s Attack. It impacts chips made by the Germany company called Infineon Technologies that allows access to private keys. These two wi-fi vulnerabilities allow attackers to steal sensitive information like credit card numbers, passwords, chat messages, emails, photos and more.
How Do These Wi-Fi Vulnerabilities Impact You?
Let me ask you a couple of questions: Do you ever use Wi-Fi to access the internet at home or a coffee-shop? Do you have a cell phone? Yeah, most of us do. This means that nearly everyone is impacted by this discovery and until a wide-spread fix is identified, accessing the internet could be very risky – even for casual texting!
So Now What?
Many manufacturers are just now learning of the Wi-Fi vulnerabilities and exploring how this impacts their specific products. In a report prepared by BleepingComputer, several are already preparing a software patch that will fix the problem. However, until those become available, we would recommend you start to take note and inventory what equipment you own that broadcasts, uses or operates based on a Wi-Fi WPA2 connection protocol.
What Devices are Impacted?
- Mobile Phones
- Desktop Computers*
- Laptops* / Notepads*
- Tablets / Readers (like Kindle, etc.)
- Network Routers (The piece of equipment that you plug your main internet line into that allows you to access your home or office internet over Wi-Fi)
- Wireless Printers
- Home Security Systems
- Personal Assistants like Amazon Echo, Alexis, and Google Home
*NOTE: Microsoft pushed an update on 10/10. If you’re set for auto updates, you should be fine if you’ve restarted your computer since 10/10. If not, make sure you reboot and/or manually update.
What You Need To Know
- If your device (mobile phone, tablet or computer) uses Wi-Fi, you’re likely affected.
- If you use public Wi-Fi, you are at higher risk.
How to Protect Yourself and Others
In the days or weeks ahead, you will want to keep an eye out for important security updates being offered by your device manufacturers. For printers, routers or other hardware, you may have to go into the device manually and update the “firmware.” Checking with the manufacturer website or device manual for these products will likely guide you on where to go for such updates. We recommend applying any and all that are available – as soon as possible!
It’s likely that many people will discard this news story not really understanding how it impacts them or those around them creating a larger scale problem. Some won’t really understand what to do or how to correct. Here are some tips to share:
- Make sure to communicate this to others. Share it with friends and family to ensure their information is kept safe.
- Change the settings on your phone to “Notify you before connecting to Wi-Fi”. This gives you the opportunity to ask the staff at your favorite coffee shop if they’ve made updates to their system before automatically connecting and putting your personal information at risk.
- If you’re a retail manager and offer Wi-Fi as a service, it might be helpful to post a sign in your store that says “Our Wi-Fi has been Updated to Defend Against KRACK.” once your updates are complete to let your guests know your location is safe for browsing.
- If you understand how this works, reach out to someone who is older and less technology-savvy to make sure their information is updated and secure.
- Not sure how to do the updates? We would be happy to make a recommendation for you to a qualified technology service provider. Call us at 636-379-1750 and we’ll guide you to the best provider to suit your needs.
Where To Go For Additional Resources:
About the Author: Julia Eudy is the founder of Golden Services Group and experienced online marketing professional skilled in interpreting data analytics, writing compelling SEO-ready copy targeting engagement and creating a communication process to promote long-term referrals. She is also a STOP.THINK.CONNECT partner and can help you spot potential cyber-security threats and can help you limit risks for your business.