A new security flaw was found in WPA2. The researchers who discovered it have termed this new hole a KRACK (Key Reinstall Attacks). Since most corporate wireless networks using a standard password are secured using WPA2, this opens up nearly all corporate wireless networks.
So, now what?
The KRACK vulnerability works as a Man in the Middle Attack, forcing your devices to connect to fake network that appears to be your own. Because of this, the only way to protect yourself is to ensure all of your devices are up to date with patching and security.
Microsoft has already released a patch for this vulnerability, but several other vendors are still vulnerable to this attack–especially Android devices. Check out this list of patches available to date to see if your device has an available patch.
If you are unsure about the security of your devices or how to implement the necessary patches, please contact PEI for help at 303-974-6881 or firstname.lastname@example.org!
Jason Howe, PEI