Don’t get KRACKed. Patch now.

KRACK LogoBy now, many of you may have heard the headlines regarding a vulnerability affecting, code named  KRACK, that affects WiFi encryption.

Why should you care? Primarily because your phone, laptops and other wireless devices can be fooled into disabling WiFi encryption, which would allow the bad guys to intercept all your live wireless traffic and steal any sensitive data you have access to. At first thought that may not sound so bad, but take a moment to reflect on the types of data you would normally use while accessing WiFi. Passwords? Email? Financial data? Your child’s social security number? Student information? Health information? The list goes on and on. The good news is that if the information is properly encrypted via other means, such as SSL (HTTPS), the risk is significantly reduced.

What should you do about it?

  1. Don’t panic.
  2. Patch all the things (computers, phones, web cameras, wireless routers, et cetera, et cetera, et cetera…)
  3. Patch Now. And later! Some manufacturers have not released patches yet, but most have. Keep checking.
  4. Until you are patched, avoid doing anything sensitive over WiFi unless it is protected with SSL (HTTPS). Smart browsing behavior becomes especially important.

While all devices are potentially vulnerable, the most vulnerable at the moment are Android and network connected IoT devices, for example, web cams and the like. If you are part of the Stony Brook University community, you can request assistance by opening a service request at service.stonybrook.edu.

Thanks for reading and don’t forget to subscribe.