DSN: Security Alert - WiFi KRACK Hack
A serious security flaw, called KRACK, was recently exposed, which could allow hackers to eavesdrop on your Wi-Fi communications. This primarily affects smart phone and laptop users but can affect any device that connects to the Internet using Wifi.
The bug has actually been known for some months and US-CERT informed vendors ahead of the public so that some patches have already been rolled out. Langtech is following the situation and for those clients who have subscribed to our proactive server and workstation management, Microsoft Windows Workstation and Server patches have been or will be applied shortly. Those clients who have Meraki Wifi access points should also already been patched and protected by automatic updates.
Below is a list of affected devices and steps you and your users can take to address the issue.
- Affected devices (Workstations, servers and phones)
- Windows (all servers, laptops & workstations) – MSFT pushed a patch on 10/10/17, so managed devices receiving updates are protected.
- Mac OSX – Patch in beta, rolling out in the coming weeks
- iPhone iOS – Patch in beta, rolling out in the coming weeks, will be included in 11.1
- Android – 6.0 and above affected, patch depends on manufacturer, recommend applying all manufacturer updates as they come out
- Affected devices/Access Points (APs)Affected devices/Access Points (APs)
- Meraki – fixed in patches 24.11 and 25.7, Meraki APs with auto-update enabled are protected
- Ubiquiti – will be fixed in patch 220.127.116.1137, due out sometime this week
- Other APs – dependent on manufacturer
- Use a VPN when connecting to your network remotely
- Avoid using public WIFI until you’re access point and wireless devices have been patched- try to use Ethernet or cell data instead
If you have any questions, concerns or would like us to perform a vulnerability assessment to ensure available patches are applied, please contact us at (415) 364-9610 or email firstname.lastname@example.org.