
Wifi security is vulnerable to hacking

9 months ago by Alison Owen


It has been announced today (16 October 2017) that there is a severe vulnerability in the security of WiFi connections.

Belgian researchers have identified a weakness with the WPA2 protocol used by the vast majority of WiFi connections that potentially exposes wireless internet traffic to malicious eavesdroppers and attacks.  WPA2 is currently the recommended option for securing WiFi networks. If your network is not using advanced features like a virtual private network (VPN) or encrypted data, you could allow a hacker access.

This weakness has been given the codename Krack (Key Reinstallation AttaCK).

The United States Computer Emergency Readiness Team (Cert) issued a warning which was published this morning (16 October 2017):

“The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection and others,” the alert says, detailing a number of potential attacks. It adds that, since the vulnerability is in the protocol itself, rather than any specific device or software, “most or all correct implementations of the standard will be affected.”

This vulnerability will affect phones, WiFi systems in offices and public areas and many other devices.  

What we know now is that hackers can not only eavesdrop but also inject malware into connected devices. It is still unclear how this vulnerability may be fixed, although some routers may be issued with a firmware update that closes this down.
 

Who is affected?

Everyone - especially those working remotely or in a home office, especially smaller businesses that run their business from their home. It is difficult to assess the severity of this situation at this time. If eavesdropping or hijacking scenarios turn out to be easy to pull off, people should avoid using WiFi whenever possible until a patch or mitigation is in place. When WiFi is the only connection option, people should use HTTPS, STARTTLS, Secure Shell, and other reliable protocols to encrypt web and mail traffic as it passes between computers and access points. Users should consider using a VPN as an added safety measure. Insecure connections to websites should be considered public until the vulnerability is fixed.

It is home internet connections that will remain difficult to secure as their wireless routers are rarely updated - and we believe that it is smaller businesses that are likely to be at risk, as they will probably use a domestic standard of WiFi in the office.

 

Keeping ahead of the issue

As a responsible service provider to the recruitment industry, we at Volcanic feel it is essential that we explain to our customers about the issue and the steps we have taken.

Our Chief Technical Officer, Matt Whiteley, is monitoring the situation closely as it unfolds.

We have been advised that there will be an industry announcement at 14:00 (GMT) today, which we will share.

With immediate effect Volcanic has taken the below preventative measures:

  1. Issued an internal statement so all members of staff are aware of the issue and the measures we have put in place.

  2. Restricted all phone use to phone use only. No mobile hotspots.

  3. Suspended all other non-essential network devices.

 

To protect against this vulnerability, we advise that users must update affected products as soon as security updates become available. In the meantime, we recommend you contact any WiFi service providers and your own technical team to ensure they prioritise implementing a solution as soon as one becomes available.

 

The Volcanic platform uses end-to-end encryption on all connections, meaning that should any communications be intercepted, they would be meaningless to the attacker. Use of secure HTTPS connections for all of our systems and all of our sites has been Volcanic policy for many years, as we are committed to the highest levels of protection around all data we handle.

 

Update - 18:00 October 16th

Microsoft has confirmed they have already released a fix for this issue to all supported versions of Windows, and it will have been applied by the automatic update tool. Business users should still be aware that company-managed devices might not auto-update, depending on company policy.

Google has confirmed a fix for Android is in the works, but there are concerns about how long it takes phone manufacturers to push official updates to users' phones. Even flagship devices are several updates behind, so it could take months for users to be protected again.

Apple is yet to comment.


 

 
