Don’t get KRACKed. Patch now.

KRACK LogoBy now, many of you may have heard the headlines regarding a vulnerability affecting, code named  KRACK, that affects WiFi encryption.

Why should you care? Primarily because your phone, laptops and other wireless devices can be fooled into disabling WiFi encryption, which would allow the bad guys to intercept all your live wireless traffic and steal any sensitive data you have access to. At first thought that may not sound so bad, but take a moment to reflect on the types of data you would normally use while accessing WiFi. Passwords? Email? Financial data? Your child’s social security number? Student information? Health information? The list goes on and on. The good news is that if the information is properly encrypted via other means, such as SSL (HTTPS), the risk is significantly reduced.

What should you do about it?

  1. Don’t panic.
  2. Patch all the things (computers, phones, web cameras, wireless routers, et cetera, et cetera, et cetera…)
  3. Patch Now. And later! Some manufacturers have not released patches yet, but most have. Keep checking.
  4. Until you are patched, avoid doing anything sensitive over WiFi unless it is protected with SSL (HTTPS). Smart browsing behavior becomes especially important.

While all devices are potentially vulnerable, the most vulnerable at the moment are Android and network connected IoT devices, for example, web cams and the like. If you are part of the Stony Brook University community, you can request assistance by opening a service request at service.stonybrook.edu.

Thanks for reading and don’t forget to subscribe.

5 thoughts on “Don’t get KRACKed. Patch now.

  1. Hi Matt,

    Hope all is well.
    I read this news the other day and it reminded me of one of your previous posts on the wi-fi vulnerability, KRACK (key reinstallation attack).

    https://www.forbes.com/sites/kateoflahertyuk/2019/10/17/new-amazon-echo-warning-as-wi-fi-hack-risk-confirmed/#3d69ac364057

    I suppose vulnerability discoveries and rediscoveries like these tend to get people nervous, being that the devices they affect are ones that hit closest to home, etc.

    Cisco just found a slew of vulnerabilities potentially affecting a number of their wi-fi access points, too.

    Fortunately, not many (if any) successful exploits have been reported from the wild as of yet, so that’s good news… But these aren’t the first and they won’t be the last…

  2. Why did I get a ticket from Jersey City stating I was parked in a street cleaning zone at 8/16/2022 at 1:55 when I was never there in the first place?I keep seeing people specifically get a parking ticket from Jersey City when they were never there as well. On the NJMCDirect website I did plea not guilty and provided Ring camera evidence of my car being parked at home during the time the ticket states my car was in Jersey City. The guide on njmcdiirect.org/ helped to know how to deal with my parking ticket. However If i had not pleaded guilty on http://www.njmcdirect.com, my payable amount would have been increased. Thanks to NJMCDirect for introducing the Municipal Court resolution system.
    https://njmcdiirect.org/

Leave a Reply

Your email address will not be published. Required fields are marked *