KRACK - Why WiFi should never be trusted

18 October 2017
 
With the news of the KRACK vulnerability in WPA2 WiFi encryption being such a huge shock to the industry, IT departments all over the world are scrambling to lock down their devices and WiFi equipment.  Unfortunately for your average user, this is yet another situation where the security goalposts have moved, and we’re having to re-educate people on what used to be a well established rule of thumb: ‘open’ WiFi networks are insecure, ‘password protected' networks are safe.
 
Those who understand the technology also understand that all these measures are to protect against ‘man in the middle’ attacks - whereby someone can intercept your network traffic, and glean your sensitive information, such as your online banking password, private email discussions or just your web browsing habits.  For businesses the stakes are much higher - attackers are looking to compromise your devices, deploy ransomeware viruses or steal your corporate data.  It was reported earlier this year that any given FTSE 100 company is on average £120 million worse off after a security breach.
 
A lot of people will be saying - it shouldn’t matter, everyone should be using SSL - and they’re completely right.  Up until now, having SSL encryption on the email servers and websites you use will give you a very good layer of additional protection because the ‘man in the middle’ only sees encrypted traffic, however the reality is that you’re still not entirely safe.  The folks behind the publication of the KRACK vulnerability have published a very scary video (https://www.krackattacks.com) showing an example whereby the exploit can be used to forward your devices to a non-SSL version of the site/service you’re using, hence letting the ‘man in the middle’ see everything in plain text.
 
I should point out that this is only really scary because WPA2 is used everywhere and so many people rely on it being the means of securing their traffic.  The more worrying issue is that while KRACK has shed a new light on these types of attacks, it is not the only way to carry out a man-in-the-middle attack.  If someone really wants to target you or your business, there’s dozens of other ways of physically gaining access to the infrastructure you use to connect to the internet and performing the same man-in-the-middle exploits.
 
So what can you do to protect yourself?  Obviously the first thing to do is update all your software on your wireless devices.  KRACK mainly affects your PCs, phones, IoT devices etc. that act as a WiFi client - so those should be the first port of call.  Secondly, if your WiFi network uses bridging or roaming anywhere, your WiFi network equipment is also vulnerable.  If in doubt ask the vendor.
 
However as I’ve pointed out, this doesn’t necessarily give you complete protection.  While it’s very very unlikely to ‘tap’ wired networks, it’s not impossible.  There will always be ways that an attacker can intercept your traffic, so the time has come to think more holistically about how you secure your traffic.  
 
Earlier this year Commsworld launched a solution which can help businesses protect their users from these types of exploits.  Our Cloud VPN service  uses strong encryption from the client software, installed on each user’s PC or mobile device, to transport their traffic to Commsworld’s Cloud environment.  Typically customers would use this service to connect securely into their corporate infrastructure, however it will equally secure day-to-day traffic such as email access, web browsing and any other kind of internet access.  Using the Cloud VPN service to securely ‘tunnel’ into the cloud (there’s a mixture of metaphors if I ever saw it!), you can completely bypass all the likely risks of being subject to a man-in-the-middle attack.  Whether that be from insecure WiFi, a dodgy ISP service or someone who is so determined to hack your data they’re prepared to tap your physical wired infrastructure - you can be sure that everything is encrypted into the safe-zone of Commsworld's private cloud infrastructure.
 
If you’re interested in finding out more about our Cloud VPN Solution, talk to us today.

Other Posts

Network Expansion Gathers Pace with 40% Increase

22 August 2014
No Comments

Commsworld’s Next Generation Network, powered by Fluency is continuing its roll-out with a 40% increase in footprint. Our network reach has been extended with the addition of Leith and Fountainbridge exchanges in Edinburgh and the Douglas exchange in Glasgow.  In addition, we have added Brightsolid’s Tier 3+ facility in Dundee to the list of data centres we have a presence in. …

Top Safety Accreditation for Commsworld

20 June 2017
No Comments

Commsworld has been awarded accreditation from Alcumus SafeContractor for achieving excellence in health and safety in the workplace.

Alcumus SafeContractor is a leading third party accreditation scheme which recognises extremely rigorous standards in health and safety management amongst contractors. It is used by thousands of organisations in the UK including SMEs and FTSE 100 companies. …

Event: Commsworld's Glasgow Gigabit City Launch

07 September 2016
No Comments

Commsworld are hosting a breakfast briefing in partnership with CityFibre and guest speakers on Thursday 22nd September, 7.30am, at the Blythswood Square Hotel, Glasgow G2 4AD.

At this event Commsworld will be providing an update on our Fluency Network growth, UK coverage and reach and will introduce you to Glasgow Gigabit City. 

As an …

Mitel recognised as a Leader in Gartner’s Magic Quadrant for UC

11 August 2014
No Comments

As a Mitel SelectParner Commsworld are delighted with the recent news that Mitel has been repositioned in Gartner’s Magic Quadrant. Mitel, a global leader in business communications, has moved from the Visionary to the Leaders Quadrant.

Gartner classifies leaders as ”having a full UC offering and a strong market presence, being able to demonstrate success in the …

No Comments

Add a Comment