Skip to main content
banner image
venafi logo

Are You on Krack? How Widespread Is the Latest Wi-Fi Attack?

Are You on Krack? How Widespread Is the Latest Wi-Fi Attack?

October 16, 2017 | Nick Hunter

Another new vulnerability affecting encryption was revealed today, www.krackattacks.com has detailed how their research has effectively found that both WP1 and WPA2 are no longer secure and cannot be relied to protect Wi-Fi communications within encrypted tunnels. This vulnerability affects both personal and enterprise networks, the ciphers WPA-TKIP, AES-CCMP, and GCMP, and significantly affects Android and Linux clients.

Researchers indicate that 41% of Android devices are vulnerable, and until new firmware is installed, communications that do not use HTTPS to encrypt traffic will be vulnerable to eavesdropping and injections of ransomware or malware into websites.

In addition, most IoT devices rely on Wi-Fi encryption because they typically do not support HTTPS. The problem is compounded by the fact that not only will it take time for vendors to update firmware to resolve the vulnerability, but many applications and IoT devices will have compatibility issues that may take significant time to remediate.

The Krack flaw represents yet another reason why consistently deploying HTTPS throughout your environment is so important. The best way to prevent exposure of the Krack kind is to consistently deploy HTTPS to all critical connections, not just web servers. Once that is done, you can’t let your guard down. Even HTTPS is not foolproof, especially if it isn’t deployed correctly, securely, and constantly validated.

The larger challenge is that HTTPS alone does not solve the problem. While we rely on websites to secure their HTTPS configurations, most websites are still not implementing strong encryption practices. This inattention may be due to challenges with compatibility or simply because encryption best practices aren’t prioritized until after a breach affects them or an industry peer.

The bottom line is that it’s critical for all organizations to understand the security implications of the machine identities that govern their encrypted tunnels. And let’s face it. With today’s mobile workforce, you can’t be sure that users are not accessing your network through a (now compromised) WPA2 tunnel.

First you need to re-enforce the need for your users to switch to more safer tunnels that use the more secure SSH or VPN protocols. Then you’ve got to make sure that the tunnels your organization is using are indeed secure and that you can trust the traffic that travels through them. Protecting the machine identities on both sides of a tunnel is a great way to validate the security of your encrypted tunnels.

Does your organization provide adequate oversight for tunnels that travel into and out of your network? See how Venafi can help.

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

roca factorization attacks

ROCA Risks: Are Your Keys Safe?

change certificate authority

3 Reasons to Change Certificate Authorities—Even If Your Browser Doesn’t Tell You To

accelerate F5 application delivery

Accelerate F5 Application Delivery with Automated Key and Certificate Management

About the author

Nick Hunter
Nick Hunter

Nick Hunter is an accomplished infosec leader with proven performance in driving revenue through successful strategy, enablement, pre-sales, and marketing. He was formerly Sr. Technical Marketing Manager and Product Manager at Venafi.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat