You WiFi traffic Exposed by Krack
On October 17th new problems were announced with devices that use WiFi communications. The most common type of encryption for WiFi networks is flawed. There are several demos now available on Youtube to demonstrate this weakness. The bad guys just need to view the videos to exploit this problem.
For business people this means there are ten new ways someone can eavesdrop on your WiFi network. Every WiFi device is affected. Your phone, tablet and WiFi connected computer are all vulnerable. This includes any wireless terminals, tablets and phones used for credit card transactions.
What action should you take now to protect your network and intellectual property?
- Apply the October security updates to all Microsoft Windows devices
- Apply IOS update 11.1 for all Apple wireless devices
- Apply the November 6th 2017 security update from Google for android devices. You will need to contact each Android vendor to see when and if the security release is available.
- Update all WiFi access points with patches for KRACK. This should protect even unpatched devices like your wireless security cameras.
- Use a VPN, virtual private network, to protect your phone and/or tablet when you are away from the office.
- Scan your networks to get a list of all WiFi devices. You need an inventory of what you have left to patch.
In the Scottsdale Air Park
Most businesses in the Scottsdale Air Park use Wifi. From the latest information there are over 12,074 unique hardware addresses that are using the WPA2 encryption in the Scottsdale Airpark. Some devices have multiple addresses for one wireless device. You can check the public listing for know WiFi access points at the WiGlE web site. How do we know the number of access points? Because your WiFi broadcasts the information out to the street or parking lot every day, night and weekend. Anyone with a cell phone can see who you are and where you are located. The app to scan an locate an access point within a few feet is free.
About 30% of Scottsdale Air Park Businesses have not corrected the Wifi vulnerability from six years ago, WiFi Protected Setup. The current map is found at a shared Google map. Security Industry professional believe that it will take decades to fix this latest problem. The current survey shows that businesses in the Airpark do not correct know problems in a timely manner. For safety tips to secure your WiFi check the 8 steps to safer WiFi page.
Router Solutions
Most business class routers have patches to protect against the KRACK problem. Unfortunately most small businesses don’t use business class access points or routers. An example is the manufacturer Netgear. They have 46 products that are affected, but only fourteen have upgrades available by early November 2017. Many consumer grade routers can be upgraded with alternate firmware to improve performance and security. DD-wrt, Tomato and OpenWrt are three firmware replacements. DD-wrt has more user support than the other two options. The LEDE project is a branch of OpenWrt which has over 3000 applications that can run on a router. A current list of router and mobile device patches available is here. The patches are just one end of the communication channel that needs to be changed.
VPN for your mobile device
A VPN, virtual private network, creates an encrypted path back to a safe place to browse the Internet. This prevents anyone from reading your information transferred to the safe Internet connection. Commercial vendors include Private Internet Access, IPVanish and CyberGhost. The cost is $35/year to $144/year. These costs are for each employee. Free VPN software is available, but those company monetize your connection in other ways by selling ads on the network or selling your online activity and browsing habits to outside companies.
If you use dd-wrt, Openwrt, or Tomato on the router at your office OpenVPN is available to safely connect all of your mobile internet traffic back to your office. OpenVPN does not have a per user or monthly cost. Some new Asus, Netgear, Linksys and TP-Link internet routers have OpenVPN support also. For a business with outside sales or service personnel this is a safe secure solution.
If you don’t want to monitor security for your computers and network we can help. There are simple inexpensive solutions to your network security. Just call us at (480) 822-7222.
For a free security assessment.
Altura IT provides affordable network security for small businesses in the Scottsdale area.