Blog / WiFi Authentication Vulnerability: SPECIAL PRIORITY ALERT – PLEASE READ!!
Karl Buckley – our Cyber Security Supervisor – has been tracking a new vulnerability in EXISTING WiFi encryption Protocols. Karl wrote this memo that I would like to share with you:
There’s a new attack targeting WiFi networks. Researchers found it quite by accident, while doing investigations into the new WPA3 Authentication Standard (published in January this year.)
The vulnerability exists within the design of the WPA Protocol itself, meaning that most modern WiFi devices will likely be vulnerable to it. The problem with proving that would be the testing. There is currently no official name for this attack.
This is NOT a virus or malware, but rather a method through which a potential Hacker could gain access to Private and Public WiFi networks. From there, data could be stolen or corrupted by Ransomware or another virus.
To perform the exploit, an Attacker simply needs to listen to the traffic generated by the devices connected to the Network. They don’t need to connect, they just need to be close enough to listen. Given that WiFi ranges tend to be less than 100 M, the Attacker would have to be someone in your immediate local area; it is NOT someone sitting in their basement overseas.
Listening to the WiFi traffic won’t give them the pre-shared key to the network directly. However, it will give them an encrypted version of it, known as a Hash.
Once the Attacker has this Hash, it can be attacked and cracked offline at their leisure, to determine the pre-shared key to access the Network. It just becomes a question of how much time it will take. They would then have to return to your immediate local area to use the key (password), to gain access to the Network resources.
Thus, from a practical standpoint, to be targeted by this exploit would require someone local with Technical knowledge AND desire to target your Network. Given your location, sensitivity and desirability of your information, the risk could be low. However, it is a Technical vulnerability that requires mitigating action, especially if you have a legal requirement to do so.
What are the options to protect yourself?
Enable WPA3
- WPA3 only became an official standard in January of this year, so it will likely not be an option on many WiFi devices, at this time. This is the ONLY way to make sure the Network is not vulnerable.
Make sure the pre–shared key is difficult to crack
- This means a WiFi password that is long and complicated.
- Cycling the password periodically is another suggestion, though in a network with lots of devices this could be time-consuming.
Apply all available Firmware updates for that device
- This is not a guarantee of protection. It depends on what the update involves. However, if WPA3 is not available for the device, this may be the only viable option to mitigate the risk.
- It is likely that many currently-deployed WiFi Access Points will not have a WPA3 upgrade option for some time – if ever. Many devices may be too old to implement a WPA3 option.
The information may be somewhat Technical, but the message is that your WiFi networks are at risk. Please contact me or your Technician if you have any questions about this new WiFi vulnerability – all in the name of stress-free IT.
Thanks!
Dave White
TRINUS
stress-free IT
trinustech.com