What WiFi’s KRACK attack means for you and what you can do about it: interview
Day after day, America is faced with a long list of growing cyber threats. In light of recent hacks, leaks, and general cyber attacks, it is no wonder that cybercrime is America’s new number one fear.
Unfortunately, it would appear that a newly discovered threat has reared its ugly head, giving us another reason to act with caution when connecting to WiFi.
Last month, cybersecurity watchdogs and researchers expressed deep concern regarding a new threat, warning WiFi users of the potential dangers associated with the recently discovered security flaw named KRACK. This weakness could allow hackers to read information thought to be encrypted, or infect websites with malware.
To get a better understanding of the situation and how to tackle this problem we spoke with Leonardo Cooper, CEO of VaultOne, a cybersecurity company that strives to keep business safe in the face of today’s ever-changing cyber landscape.
I understand that last month a new threat to WiFi security was discovered. What does this mean for those of us using WiFi?
Yes, KRACK, which was one of the latest discovered vulnerabilities in WI-Fi. Now, because this flaw is on the WI-Fi’s most used security protocol (WPA2), it means that almost everyone connected to a WI-Fi network is affected.
What can happen to us if someone was to take advantage of this flaw?
An attacker can eavesdrop all of your network traffic and also hijack your connections, meaning the attacker would be able to steal your passwords, emails, photos, credit cards, and everything you do on your computer or smartphone, and at some extent even infect your computer with a malware.
Do you think technology companies should do more to protect us from flaws and hacks, or do you feel that responsibility lies with the user?
I think both, technology companies should commit to updating their products more frequently, and this also includes their legacy products as well. Also, it is important to adopt best security practices when developing their products, everything should be protected nowadays.
The user also plays an important role in security, because end-user security is always a tradeoff with convenience, as users we should balance this wisely.
What advice would you have to help readers protect themselves while accessing WiFi?
First and most importantly, update all your devices, everything that has a WiFi chip: smartphones, routers, TVs, refrigerators, printers, computers and so on. Also, make sure there is an update available for those devices that address this issue particularly.
Second, avoid public WI-Fi networks, they were insecure before KRACK and they are insecure after. WPA2 is a far from perfect protocol and it can allow an attacker on the same network to sniff your traffic. Prefer your mobile data plan instead of a public WI-Fi network.
And third, if you are in charge of choosing your router’s WI-Fi password, choose a really long one.
What does this new WiFi threat mean for IoT devices that use WiFi?
IoT devices are usually the forgotten ones in our home, we think they “just work”, but the fact is that they need as much our attention as the other devices, like computers and smartphones.
I understand you have worked in cybersecurity for large corporations and governments. Is WiFi security something to be seriously worried about for these types of organizations?
Yes, it is, and they are, even before KRACK, WiFi security had a long history of vulnerabilities, and the current protocols are not good enough to protect their data.
Organizations are boundary-less now, their data are in multiple places and at the same time, the employee takes the company is his pocket, to home, to the cafe, on the go, and they also connect to the organization from those places, that is why most of the companies have this another layer of security called a VPN.
From your experience, what is the most common type of hack or breach that large corporations and governments receive?
From my own experience, I can tell you the most common breach is related to leaked privileged credentials (passwords and keys) that access important servers and services, and it happens due: phishing, careless storage, non-authorized sharing, or internal stealing.
On a slightly more cheery note, with regards to WiFi, what are you really looking forward to seeing develop from this technology over the next five years?
I would like to see a new WI-Fi protocol, one that could easily differentiate user-based connections from machine-only connections, that way we could more effectively authenticate users and monitor behavior. We also need abetter protocol that makes sure we are safe in public WiFi networks (cafes, airports, etc.).