It seems not a day goes by without news of some new tech vulnerability or data leak, and warnings about WiFi security issues are everywhere. In the wake of the KRACK vulnerability discovered last month, many of our clients have come to us asking if it’s safe to use WiFi to transmit confidential financial or medical data.
When you use WiFi, all the data you send, including every username and every password, is broadcast over radio waves that anyone nearby with the right equipment can intercept. The same is true for all the data you receive: every medical record, every account balance, etc. The key to WiFi security is to encrypt all data in such a way that even if somebody is listening in on your network and does intercept your transmission, there would be no possible way for them to decrypt it and read it.
The first line of WiFi security is called WPA, and that’s what the KRACK vulnerability is all about. Security researchers found a way to break into encrypted communications to read data transmitted between two vulnerable devices. This is a huge problem that affects virtually every WiFi device out there, but it doesn’t necessarily mean that you should stop using WiFi. WPA is the first line of security, but it is certainly not the only thing protecting your data. Most other types of network communication are also encrypted separately, so even if someone did break your WPA encryption, they would still be left with encrypted packets that could not be read.
The other good news is that KRACK requires that both sides of any WiFi connection be vulnerable in order for the exploit to work, and there are now patches out for Windows and Mac computers, as well as iPhones and iPads. If you have been keeping your computers updated, then they should be good to go. If you subscribe to NI Vigilance network monitoring or if you have a managed services contract with us, our service is automatically applying the updates you need for your computers.
Phones and tablets are another matter entirely, at the moment. If you have an iPhone or iPad, make sure that you update the software to version 11.1 or later. Unfortunately, for Android phones and tablets, the fix is more complex. Google has released a general Android patch, but it’s up to each manufacturer (Samsung, LG, etc.) and wireless provider (AT&T, Verizon, etc.) to pass the updates along, and they are notoriously slow in pushing updates out, especially to older devices. Until you receive an update that fixes the KRACK issue, we are recommending that you only connect your Android phones to the cellular networks, not WiFi.
However, with that one exception, you are probably safe continuing to use WiFi, even for sensitive financial and health data. If you have any questions, or are interested in our managed updates services, please don’t hesitate to call us at 530-631-3304.
Written by: Daniel Watson
November 6th, 2017
Posted In: NI Vigilance