A security flaw has been discovered on public Wi-Fi connections making any device that connects to the network vulnerable to being hacked.
KRACKS (key installation attacks) were discovered by Belgian researcher Mathy Vanhoef, who said that the issue is not with any device but rather the public network itself. When connected to a password-protected Wi-Fi network, your device will be accessible to hackers. “Any device that uses Wi-Fi is likely vulnerable,” said Vanhoef.
A KRACK does not need your password to gain access to your device, so this type of attack can be particularly harmful. A KRACK can target information that has otherwise been safely encrypted on a device, such as passwords, credit card information, chat messages, emails and photos.
Microsoft has already released a patch that corrects the flaw in any device that connects to Wi-Fi, and Apple will roll out an update in the coming weeks that will do the same. It is important to make sure all devices are updated. Mark Gregory, associate professor from the School of Engineering at RMIT University, said “We’re now in a situation where we need to consider Wi-Fi to be insecure until we know that what we’re connecting to has been patched.”
Protect yourself from attacks
In response to the growing concern over ransomware and malware, IT Governance now provides a scalable solution for staff awareness training. Our Phishing and Ransomware – Human patch e-learning course explains the threats that ransomware presents to organisations, and gives details of the resources available to help you understand and combat those threats. This ten-minute course provides an introduction to phishing and ransomware. We also offer a more detailed Phishing Staff Awareness Course.
Our three-day Cyber Health Check is ideal for large organisations. This includes on-site consultancy and audit, remote vulnerability assessments and an online staff survey in order to assess your cyber risk exposure and identify a practical route to minimise your risks. Receive a prioritised action plan for controlling your cyber risks in line with your risk appetite.
Visit our ransomware page to view all the services we offer to help your organisation combat threats.