KRACK - Why WiFi should never be trusted

With the news of the KRACK vulnerability in WPA2 WiFi encryption being such a huge shock to the industry, IT departments all over the world are scrambling to lock down their devices and WiFi equipment.  Unfortunately for your average user, this is yet another situation where the security goalposts have moved, and we’re having to re-educate people on what used to be a well-established rule of thumb: ‘open’ WiFi networks are insecure, ‘password protected’ networks are safe.
 
Those who understand the technology also understand that all these measures are to protect against ‘man in the middle’ attacks - whereby someone can intercept your network traffic and glean your sensitive information, such as your online banking password, private email discussions or just your web browsing habits.  For businesses the stakes are much higher - attackers are looking to compromise your devices, deploy ransomware viruses or steal your corporate data.  It was reported earlier this year that any given FTSE 100 company is on average £120 million worse off after a security breach.
 
A lot of people will be saying - it shouldn’t matter, everyone should be using SSL - and they’re completely right.  Up until now, having SSL encryption on the email servers and websites you use has given you a very good layer of additional protection, because the ‘man in the middle’ only sees encrypted traffic.  However, the reality is that you’re still not entirely safe.  The folks behind the publication of the KRACK vulnerability have published a very scary video (https://www.krackattacks.com) showing an example in which the exploit is used to redirect your device to a non-SSL version of the site/service you’re using, letting the ‘man in the middle’ see everything in plain text.
 
I should point out that this is only really scary because WPA2 is used everywhere and so many people rely on it being the means of securing their traffic.  The more worrying issue is that while KRACK has shed a new light on these types of attacks, it is not the only way to carry out a man-in-the-middle attack.  If someone really wants to target you or your business, there are dozens of other ways of physically gaining access to the infrastructure you use to connect to the internet and performing the same man-in-the-middle exploits.
 
So what can you do to protect yourself?  Obviously the first thing to do is update all the software on your wireless devices.  KRACK mainly affects your PCs, phones, IoT devices etc. that act as a WiFi client - so those should be the first port of call.  Secondly, if your WiFi network uses bridging or roaming anywhere, your WiFi network equipment is also vulnerable.  If in doubt, ask the vendor.
 
However, as I’ve pointed out, this doesn’t necessarily give you complete protection.  While it’s very, very unlikely that anyone will ‘tap’ your wired network, it’s not impossible.  There will always be ways that an attacker can intercept your traffic, so the time has come to think more holistically about how you secure your traffic.
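
The downgrade to a non-SSL version of a site described earlier only works when the browser is willing to speak plain HTTP to that site. As an added example (not from the original article), the Python code below audits response headers for the server-side settings that stop that: an HTTP-to-HTTPS redirect, an HSTS (Strict-Transport-Security) policy, and the Secure flag on cookies. The sample responses, the `example.test` host and the 180-day `MIN_HSTS_AGE` threshold are assumptions.

```python
# Added example: sample responses are constructed; MIN_HSTS_AGE is an assumed policy floor.
MIN_HSTS_AGE = 15552000  # 180 days, in seconds

def parse_head(raw):
    """Split a raw response head into (status_code, [(name, value), ...])."""
    lines = raw.strip().splitlines()
    headers = [(n.strip().lower(), v.strip())
               for n, _, v in (line.partition(":") for line in lines[1:])]
    return int(lines[0].split()[1]), headers

def directives(value):
    """Parse 'a=1; b' style header parameters into a lower-cased dict."""
    pairs = (p.strip().partition("=") for p in value.split(";"))
    return {k.strip().lower(): v.strip().strip('"') for k, _, v in pairs if k}

def audit(http_head, https_head):
    """Return findings that leave a user exposed to an HTTPS-to-HTTP downgrade."""
    findings = []
    status, headers = parse_head(http_head)
    location = next((v for n, v in headers if n == "location"), "")
    if status not in (301, 302, 307, 308) or not location.lower().startswith("https://"):
        findings.append("http-no-redirect")      # site is usable without TLS at all
    _, headers = parse_head(https_head)
    hsts = next((v for n, v in headers if n == "strict-transport-security"), None)
    if hsts is None:
        findings.append("hsts-missing")          # browser will still accept http://
    else:
        d = directives(hsts)
        if not d.get("max-age", "").isdigit() or int(d["max-age"]) < MIN_HSTS_AGE:
            findings.append("hsts-short-max-age")
        if "includesubdomains" not in d:
            findings.append("hsts-no-subdomains")
    for name, value in headers:
        # Attributes follow the first ';'; without Secure the cookie travels over plain HTTP.
        if name == "set-cookie" and "secure" not in directives(value.partition(";")[2]):
            findings.append("cookie-not-secure:" + value.split("=")[0])
    return findings

# Constructed sample responses (not captured from any real site).
WEAK_HTTP = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
WEAK_HTTPS = "HTTP/1.1 200 OK\r\nSet-Cookie: session=abc123; HttpOnly\r\n"
GOOD_HTTP = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.test/\r\n"
GOOD_HTTPS = ("HTTP/1.1 200 OK\r\n"
              "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
              "Set-Cookie: session=abc123; Secure; HttpOnly\r\n")

if __name__ == "__main__":
    print(audit(WEAK_HTTP, WEAK_HTTPS), audit(GOOD_HTTP, GOOD_HTTPS))
```

A redirect on its own is not enough, because the first plain-HTTP request can still be intercepted; HSTS is what tells the browser to skip that request on later visits.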
 
Earlier this year Commsworld launched a solution which can help businesses protect their users from these types of exploits.  Our Cloud VPN service uses strong encryption from the client software, installed on each user’s PC or mobile device, to transport their traffic to Commsworld’s Cloud environment.  Typically customers would use this service to connect securely into their corporate infrastructure; however, it will equally secure day-to-day traffic such as email access, web browsing and any other kind of internet access.  Using the Cloud VPN service to securely ‘tunnel’ into the cloud (there’s a mixture of metaphors if I ever saw it!), you can completely bypass all the likely risks of being subject to a man-in-the-middle attack.  Whether that be from insecure WiFi, a dodgy ISP service or someone who is so determined to hack your data they’re prepared to tap your physical wired infrastructure - you can be sure that everything is encrypted into the safe-zone of Commsworld’s private cloud infrastructure.
 
If you’re interested in finding out more about our Cloud VPN Solution, talk to us today.