Are You on Krack? How Widespread Is the Latest Wi-Fi Attack?

October 16, 2017 | Nick Hunter

Another new vulnerability affecting encryption was revealed today. The researchers have detailed how their research has effectively found that both WPA1 and WPA2 are no longer secure and cannot be relied on to protect Wi-Fi communications within encrypted tunnels. This vulnerability affects both personal and enterprise networks, the ciphers WPA-TKIP, AES-CCMP, and GCMP, and significantly affects Android and Linux clients.

Researchers indicate that 41% of Android devices are vulnerable, and until new firmware is installed, communications that do not use HTTPS to encrypt traffic will be vulnerable to eavesdropping and injections of ransomware or malware into websites.

In addition, most IoT devices rely on Wi-Fi encryption because they typically do not support HTTPS. The problem is compounded by the fact that not only will it take time for vendors to update firmware to resolve the vulnerability, but many applications and IoT devices will have compatibility issues that may take significant time to remediate.

The Krack flaw represents yet another reason why consistently deploying HTTPS throughout your environment is so important. The best way to prevent exposure of the Krack kind is to consistently deploy HTTPS to all critical connections, not just web servers. Once that is done, you can’t let your guard down. Even HTTPS is not foolproof, especially if it isn’t deployed correctly, securely, and constantly validated.

The larger challenge is that HTTPS alone does not solve the problem. While we rely on websites to secure their HTTPS configurations, most websites are still not implementing strong encryption practices. This inattention may be due to challenges with compatibility or simply because encryption best practices aren’t prioritized until after a breach affects them or an industry peer.

The bottom line is that it’s critical for all organizations to understand the security implications of the machine identities that govern their encrypted tunnels. And let’s face it. With today’s mobile workforce, you can’t be sure that users are not accessing your network through a (now compromised) WPA2 tunnel.

First you need to reinforce the need for your users to switch to safer tunnels that use the more secure SSH or VPN protocols. Then you’ve got to make sure that the tunnels your organization is using are indeed secure and that you can trust the traffic that travels through them. Managing and protecting the machine identities on both sides of a tunnel is a great way to validate the security of your encrypted tunnels.

Does your organization provide adequate oversight for tunnels that travel into and out of your network? See how Venafi can help.

About the author

Nick Hunter

Nick Hunter is an accomplished infosec leader with proven performance in driving revenue through successful strategy, enablement, pre-sales, and marketing. He was formerly Sr. Technical Marketing Manager and Product Manager at Venafi.
