‘KRACK’ Wi-Fi vulnerability warning
A weakness in a security protocol that Wi-Fi devices rely on has put wireless-enabled devices at risk of attack, Government’s Cybersecurity Working Group warned today.
According to national security minister Wayne Caines, the Key Reinstallation Attack, or “KRACK”, can allow an attacker within range of a Wi-Fi network to gain access to unencrypted traffic sent over the internet.
The Government’s Cybersecurity Working Group is advising the community to take the following precautions:
For the public:
• Ensure all your devices remain up to date. It may take some months for fixes to be available, so turn on automatic updates for best protection.
• Where possible, plug devices into a network rather than using Wi-Fi.
• When sending information online, such as personal or credit card information, check that the website address starts with ‘https’ or that the lock symbol is shown in the corner.
• When possible, turn Wi-Fi off when not using it. This includes appliances, webcams, TVs and baby monitors.
For corporate users:
• Follow industry best practice and guidelines. Double-check intrusion routes to ensure Wi-Fi does not leave core networks vulnerable.
• Update all machines, servers, devices and Wi-Fi routers when advised to do so by manufacturers.
• Minimise public Wi-Fi use. Avoid running core IT systems over Wi-Fi if possible.
• Mandate Virtual Private Networks (VPNs) for corporate Wi-Fi users and ensure VPN software is updated too.
• Monitor networks for intrusion. If possible, authorise access by Media Access Control (MAC) address.
• Once all the fixes have been delivered, switch off the old insecure Wi-Fi modes and replace devices that are no longer supported.