KRACK WPA2 Wi-fi Exploit

You may well have heard of the security exploit that was discovered in the WPA2 key implementation that is widely used in all Wi-Fi network installations/devices, commonly referred to as the ‘KRACK’ exploit.

This does affect Wi-Fi networks, computers that use Wi-Fi connections, including laptops/desktop/smart phones/tablets, etc.

Information about the exploit can be found here (this is a technical document): https://en.wikipedia.org/wiki/KRACK

It should be pointed out in this document that it stresses that the weakness/exploit is in the WPA key management itself, (i.e. the software implementation), not in the encryption standards that are used to encrypt data for Wi-Fi connections, or the products that use Wi-Fi for data transmission.

For clients of FlightPath IT, we want to assure you that we have taken steps to apply a security upgrade to your Wi-Fi networking hardware that we manage at your organization, to protect your Wi-Fi communications from this exploit. We are also working to insure that any workstations or other devices that we manage for your organization will be updated with security patches from the vendor of the operating systems (Windows/Mac OS X, etc.)

To date, there are no reported exploits of this weakness in the WPA protocol key handling, but we are working proactively to insure that there is no risk in your organization.

Also, please be aware that if you are using a VPN connection over your Wi-Fi network, the data traveling over that connection would not be vulnerable to this exploit, since the VPN client software will encrypt that data separately.

If you have questions or concerns about this, please reach out to us and we will be happy to discuss in detail the steps we have taken to secure your infrastructure.

Be careful with wireless keyboards

Another day, another article about data vulnerabilities. This time the problem is wireless keyboards. Apparently several brands of wireless keyboards use no encryption whatsoever, and merely rely on obscure radio frequencies for minimal security. This leaves the end user open to key logging as well as key insertion. In other words someone could capture everything you type, or type directly on your computer. Your only recourse would be to unplug your wireless keyboard dongle / receiver. If you have a wireless keyboard from one of the brands listed in the article, you should switch to another brand or even a wired keyboard. I have been using the Logitech K750 for a few years and I love it. First off, Logitech is not one of the brands listed in the article. The keyboard has a low profile, tactile keys and the best part: it is solar powered so there are no batteries to die and replace. I recommend it.