People are finally waking up to the fact that unsecured wireless networks are highly vulnerable to hackers, but if you think that your protected network is safe to use, then think again.
Last month, the KRACK (key reinstallation attack) exploited a previously unknown weakness in the WPA2 and WPA protocols to intercept data transmitted between local routers and internet-connected devices. Most disturbingly, the WPA2 protocol, which replaced the original WPA protocol back in 2004, is now used to protect all modern wireless networks.
1. Update Router Firmware
Unlike many other exploits, KRACK does not target the device you use to connect to the internet. Instead, it targets the information you send which, if not encrypted, may be intercepted and used by a hacker connected to the same network.
That’s why the first and most important thing to do is to update your router’s firmware to address the vulnerability with the WPA2 protocol. Fortunately, most router manufacturers have already released firmware updates to address the problem. You can usually update the firmware through the router’s website. While you’re at it, be sure to update all other devices, including operating systems and antivirus software.
2. Reduce Your WiFi Range
To take advantage of the KRACK exploit, hackers need to be within range of your wireless network. Some routers allow you to reduce the effective range through the device’s webpage.
Another option is to reduce your router’s visibility to the public by hiding its SSID, which is the network name people see when they search for wireless networks in the vicinity. If you don’t broadcast your SSID, your employees will have to enter it manually along with the access key.
3. Connect via Ethernet
If your router manufacturer has yet to release a firmware update that addresses the KRACK exploit, then you should disable your wireless network and use an ethernet connection instead. Alternatively, if you still need wireless freedom, you may want to try using a mobile 3G or 4G connection.
Since mobile internet doesn’t use the same technology as WiFi, it is not susceptible to the same vulnerabilities. Nonetheless, using different methods to connect to the internet is only a temporary fix. If your router manufacturer still hasn’t released an update, then it’s likely that they no longer support your router model, in which case you should replace it as soon as possible.
4. Install HTTPS Protection
Since the KRACK attack relies on intercepting data on its way to the router, you should take steps to ensure that, even if this data does end up in the hands of an attacker, it won’t be of any use to them. By encrypting traffic, any intercepted data will be useless to the attacker.
Instead of relying purely on a third-party VPN, you can mitigate the risks by installing a simple browser extension called HTTPS Everywhere. The extension is available for the Chrome, Firefox and Opera browsers, and it automatically tells your browser to use the HTTPS version of websites for which it is available. However, if only HTTP is available for a website, then the add-on can’t do anything about it.
5. Disconnect Vulnerable Devices
The Internet of Things (IoT) is rapidly taking the world by storm, with businesses becoming increasingly reliable on internet-connected ‘smart’ devices, such as CCTV systems and physical security systems. Just as you should update your router to the latest firmware, provided a suitable patch is available, so should you update any firmware for IoT devices.
If no update is available for a specific device, then disconnect it until there is. After all, you certainly don’t want a hacker being able to access things like live security camera footage!
Fluid Networks helps businesses in the Los Angeles area protect themselves from the multitude of threats facing their IT infrastructure. If you’re ready to implement a cutting-edge, multi-layered defense system for your business, then give us a call today.