KRACK - Why WiFi should never be trusted

18 October 2017
 
With the news of the KRACK vulnerability in WPA2 WiFi encryption being such a huge shock to the industry, IT departments all over the world are scrambling to lock down their devices and WiFi equipment. Unfortunately for your average user, this is yet another situation where the security goalposts have moved, and we’re having to re-educate people on what used to be a well established rule of thumb: ‘open’ WiFi networks are insecure, ‘password protected’ networks are safe.
 
Those who understand the technology also understand that all these measures are to protect against ‘man in the middle’ attacks - whereby someone can intercept your network traffic, and glean your sensitive information, such as your online banking password, private email discussions or just your web browsing habits. For businesses the stakes are much higher - attackers are looking to compromise your devices, deploy ransomware viruses or steal your corporate data. It was reported earlier this year that any given FTSE 100 company is on average £120 million worse off after a security breach.
 
A lot of people will be saying - it shouldn’t matter, everyone should be using SSL - and they’re completely right. Up until now, having SSL encryption on the email servers and websites you use has given you a very good layer of additional protection, because the ‘man in the middle’ only sees encrypted traffic. However, the reality is that you’re still not entirely safe. The folks behind the publication of the KRACK vulnerability have published a very scary video (https://www.krackattacks.com) showing an example whereby the exploit can be used to forward your devices to a non-SSL version of the site/service you’re using, hence letting the ‘man in the middle’ see everything in plain text.
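
A site owner can check whether their own service would resist being pushed to a non-SSL version. The sketch below is an added example, not part of the original post: it audits a pair of responses (one fetched over http://, one over https://) for a missing redirect, a missing or short-lived HSTS header (RFC 6797) and cookies without the Secure flag. The sample responses, the host `shop.example` and the 180-day threshold are assumptions made for the example.

```python
# Added example: the sample responses below are constructed, not captured from a real site.
MIN_MAX_AGE = 15552000  # 180 days; this threshold is an assumption of the example

def parse_hsts(value):
    """Return max-age in seconds from a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')
            return int(arg) if arg.isdigit() else None
    return None

def header_values(headers, name):
    """All values of a header (case-insensitive) from a list of (name, value) pairs."""
    return [v for k, v in headers if k.lower() == name]

def downgrade_findings(http_resp, https_resp):
    """Each response is (status, [(header, value), ...]). Returns a list of findings."""
    findings = []
    status, headers = http_resp
    location = (header_values(headers, "location") or [""])[0]
    if status not in (301, 302, 307, 308) or not location.lower().startswith("https://"):
        findings.append("http:// is answered directly instead of redirecting to https://")
    _, headers = https_resp
    hsts = header_values(headers, "strict-transport-security")
    max_age = parse_hsts(hsts[0]) if hsts else None
    if max_age is None:
        findings.append("no usable HSTS header: browsers will accept a plain-text version")
    elif max_age < MIN_MAX_AGE:
        findings.append("HSTS max-age below %d seconds" % MIN_MAX_AGE)
    for cookie in header_values(headers, "set-cookie"):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append("cookie %s lacks the Secure flag" % cookie.split("=")[0])
    return findings

# Constructed sample: a site that leaves every downgrade path open.
WEAK = ((200, [("Content-Type", "text/html")]),
        (200, [("Set-Cookie", "session=abc123; HttpOnly; Path=/")]))
# Constructed sample: redirect, long-lived HSTS and Secure cookies in place.
HARDENED = ((301, [("Location", "https://shop.example/")]),
            (200, [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
                   ("Set-Cookie", "session=abc123; Secure; HttpOnly; Path=/")]))

if __name__ == "__main__":
    for label, pair in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, downgrade_findings(*pair))
```

HSTS only takes effect once a browser has seen the header over a genuine HTTPS connection, so the very first visit on a hostile network is still exposed unless the domain is on a browser preload list.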
 
I should point out that this is only really scary because WPA2 is used everywhere and so many people rely on it being the means of securing their traffic. The more worrying issue is that while KRACK has shed a new light on these types of attacks, it is not the only way to carry out a man-in-the-middle attack. If someone really wants to target you or your business, there are dozens of other ways of physically gaining access to the infrastructure you use to connect to the internet and performing the same man-in-the-middle exploits.
 
So what can you do to protect yourself?  Obviously the first thing to do is update all your software on your wireless devices.  KRACK mainly affects your PCs, phones, IoT devices etc. that act as a WiFi client - so those should be the first port of call.  Secondly, if your WiFi network uses bridging or roaming anywhere, your WiFi network equipment is also vulnerable.  If in doubt ask the vendor.
 
However, as I’ve pointed out, this doesn’t necessarily give you complete protection. While it’s very unlikely that anyone will ‘tap’ your wired network, it’s not impossible. There will always be ways that an attacker can intercept your traffic, so the time has come to think more holistically about how you secure your traffic.
 
Earlier this year Commsworld launched a solution which can help businesses protect their users from these types of exploits. Our Cloud VPN service uses strong encryption from the client software, installed on each user’s PC or mobile device, to transport their traffic to Commsworld’s Cloud environment. Typically customers would use this service to connect securely into their corporate infrastructure, however it will equally secure day-to-day traffic such as email access, web browsing and any other kind of internet access. Using the Cloud VPN service to securely ‘tunnel’ into the cloud (there’s a mixture of metaphors if I ever saw it!), you can completely bypass all the likely risks of being subject to a man-in-the-middle attack. Whether that be from insecure WiFi, a dodgy ISP service or someone who is so determined to hack your data they’re prepared to tap your physical wired infrastructure - you can be sure that everything is encrypted into the safe-zone of Commsworld’s private cloud infrastructure.
 
If you’re interested in finding out more about our Cloud VPN Solution, talk to us today.
