KRACK - Why WiFi should never be trusted

18 October 2017
With the news of the KRACK vulnerability in WPA2 WiFi encryption being such a huge shock to the industry, IT departments all over the world are scrambling to lock down their devices and WiFi equipment.  Unfortunately for your average user, this is yet another situation where the security goalposts have moved, and we’re having to re-educate people on what used to be a well established rule of thumb: ‘open’ WiFi networks are insecure, ‘password protected' networks are safe.
 
Those who understand the technology also understand that all these measures are to protect against ‘man in the middle’ attacks - whereby someone can intercept your network traffic, and glean your sensitive information, such as your online banking password, private email discussions or just your web browsing habits.  For businesses the stakes are much higher - attackers are looking to compromise your devices, deploy ransomeware viruses or steal your corporate data.  It was reported earlier this year that any given FTSE 100 company is on average £120 million worse off after a security breach.
 
A lot of people will be saying - it shouldn’t matter, everyone should be using SSL - and they’re completely right.  Up until now, having SSL encryption on the email servers and websites you use will give you a very good layer of additional protection because the ‘man in the middle’ only sees encrypted traffic, however the reality is that you’re still not entirely safe.  The folks behind the publication of the KRACK vulnerability have published a very scary video (https://www.krackattacks.com) showing an example whereby the exploit can be used to forward your devices to a non-SSL version of the site/service you’re using, hence letting the ‘man in the middle’ see everything in plain text.
 
I should point out that this is only really scary because WPA2 is used everywhere and so many people rely on it being the means of securing their traffic.  The more worrying issue is that while KRACK has shed a new light on these types of attacks, it is not the only way to carry out a man-in-the-middle attack.  If someone really wants to target you or your business, there’s dozens of other ways of physically gaining access to the infrastructure you use to connect to the internet and performing the same man-in-the-middle exploits.
 
So what can you do to protect yourself?  Obviously the first thing to do is update all your software on your wireless devices.  KRACK mainly affects your PCs, phones, IoT devices etc. that act as a WiFi client - so those should be the first port of call.  Secondly, if your WiFi network uses bridging or roaming anywhere, your WiFi network equipment is also vulnerable.  If in doubt ask the vendor.
 
However as I’ve pointed out, this doesn’t necessarily give you complete protection.  While it’s very very unlikely to ‘tap’ wired networks, it’s not impossible.  There will always be ways that an attacker can intercept your traffic, so the time has come to think more holistically about how you secure your traffic.  
 
Earlier this year Commsworld launched a solution which can help businesses protect their users from these types of exploits.  Our Cloud VPN service  uses strong encryption from the client software, installed on each user’s PC or mobile device, to transport their traffic to Commsworld’s Cloud environment.  Typically customers would use this service to connect securely into their corporate infrastructure, however it will equally secure day-to-day traffic such as email access, web browsing and any other kind of internet access.  Using the Cloud VPN service to securely ‘tunnel’ into the cloud (there’s a mixture of metaphors if I ever saw it!), you can completely bypass all the likely risks of being subject to a man-in-the-middle attack.  Whether that be from insecure WiFi, a dodgy ISP service or someone who is so determined to hack your data they’re prepared to tap your physical wired infrastructure - you can be sure that everything is encrypted into the safe-zone of Commsworld's private cloud infrastructure.
 
If you’re interested in finding out more about our Cloud VPN Solution, talk to us today.

Other Posts

CityFibre sparks Gigabit revolution in Edinburgh

29 May 2015
No Comments

Registration now open for businesses to access gigabit speed connectivity

Edinburgh, 29th May 2015 – Businesses and institutions across Edinburgh are being given the opportunity to shape the route of a new 150km future-proof pure fibre network that will transform the Scottish capital into a Gigabit City and one of the best digitally connected cities in the world.

Over the coming months, …

ISO Reaccreditation

25 November 2016
No Comments

On 23rd November 2016, Commsworld retained its ISO reaccreditations for the 2nd time.

Commsworld are excited to announce our successful reaccreditation of our ISO9001 and ISO27001 quality standards.  This is again further endorsement that the underpinning processes and policies in place at Commsworld are working to successfully deliver our suite of services and products …

Fortis Strengthens Business Ties with Commsworld Connection

15 February 2017
No Comments

Scotland’s largest and most energy efficient datacentre has connected to an ultra-fast and resilient network in a landmark partnership.

The Fortis datacentre, which is located near Newhouse in North Lanarkshire is now live through Commsworld’s gigabit capable pure fibre network.

The agreement will enable Scotland’s leading independent network operator to offer the …

Commsworld boosts network capacity in seven days to keep major festivals and sporting events online

08 October 2015
No Comments

Commsworld scores a connectivity hole in one with SEE Enterprise Telecoms

SSE Enterprise Telecoms – the UK’s leading provider of network infrastructure and data centre services, and part of the SSE Group – announced that its scalable network solutions have enabled Commsworld to deliver ultra-reliable and high-capacity internet connectivity to major sporting events and …

No Comments

Add a Comment