There has been a major stir this week with the announcement of the “KRACK Attacks” — an exploit against the WPA2 standard which secures the connections to virtually all wireless networks worldwide. As this affects everyone who uses Wi-Fi for their Internet connection, including most of our customers, we have been looking into the issue.
The first rule, for now, is: don’t panic. While the vulnerability will affect you, so far no malicious code has been released, and vendors are already working on patches to prevent future abuse. The good news is that WPA2 itself remains secure — there’s just a trick which can force it to reuse encryption keys in ways that an attacker can exploit. Both computer vendors and router vendors are at work on patches that prevent that reuse; if either the router or the connected computer is patched, the connection is safe.
The most important thing you can do in order to keep your Wi-Fi secure is to install the security updates put out for the operating system of your computers/phones/tablets. (This is important because, even if you patch your own router, you want to make certain your devices are safe on other Wi-Fi networks.) Microsoft has already released their patch. Apple and Google are working on theirs and a fix should be released within a week or two.
Patching your wireless router is also a best practice moving forward — although the process of applying firmware updates from your router manufacturer is more difficult than just updating your computer’s OS. The biggest benefit to updating your router is that it will provide protection to “Internet of Things” devices which may not receive security updates; if you are only using computers/phones/tablets which are patched, router patches will provide almost no additional protection.
Spiral does not sell standalone wireless routers. However, some DSL modems that we sell do include wireless capabilities. We are currently speaking with our vendors about firmware updates for those modems, and if Spiral sold you a wireless modem/router, we will be happy to assist you with upgrading it at the time that those patches become available. Please call our office at (530) 478-9822, Ext. 1 for technical support, if you would like help with that process.