« Ordering PCs in 2017 | Main | Hey, can you stop what you're doing and proofread this for me? »

KRACK Vulnerability

A major vulnerability to WPA2 encryption was discovered recently by security expert Mathy Vanhoef.

The vulnerability, known as "Key Reinstallation Attack" or “KRACK,” could make your wireless network traffic from WPA2-protected devices susceptible to attack.  A recent PC World story says Evil-Computer-300px hackers can read your network traffic, allowing them to steal financial information, passwords, private conversations and other sensitive data.  They could also inject dangerous ransomware or malware into HTTP content that you are accessing.

Most modern Wi-Fi-enabled devices do utilize WPA2 to encrypt network traffic.  SCLS is actively patching the equipment it supports for libraries.  Libraries should be concerned about patching the devices we do not support.  Everyone should update their devices at home as well.  If you have Windows 7, 8, 8.1 or Windows 10 installed on your device and have automatic updates enabled, you are probably safe.  Microsoft issued security patches for its supported operating systems on October 10th.  Other technology such as Google, Android and Apple devices, streaming content players, routers, mobile phones and security cameras may require patches as well.  The links below may help you find the status of some of the devices you support.

https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4

https://ensurtec.com/patch-status-krack/

http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/

https://github.com/kristate/krackinfo

https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/

https://www.macrumors.com/2017/10/16/krack-wifi-vulnerabilities-patched-apple-ios-macos/

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Post a comment