Wi-Fi Security

Topic: PCI DSS (Fri 20th Oct 2017)

It’s likely that you’ve heard about the recent ‘KRACK’ (Key Reinstallation Attacks) attacks. A serious weakness was discovered in WPA2, the protocol that secures modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using KRACKs.

Attackers can use the technique to read information previously believed to be safely encrypted. During an attack, sensitive information such as credit card numbers, passwords, chat messages, emails and photos is at risk.

The attack works against modern protected Wi-Fi networks and, depending on the network configuration, attackers may be able to inject or manipulate data. For example, an attacker may inject ransomware or other malware into your website.

Sophie Walker, PCI specialist at nexpay, says that ‘any businesses using Wi-Fi card machines or VoIP systems really need to look into this new method of attack, and update and secure your systems according to the advice in this article or contact a security specialist. If your Wi-Fi isn’t secure, your PCI compliance will be impacted.’

Are my devices vulnerable?
Yes, it is possible. Any device that uses Wi-Fi is potentially vulnerable. The easiest way to protect your devices is to ensure your operating systems have the latest updates installed.

Should I change my passwords?
Changing your Wi-Fi password does not prevent (or mitigate) attacks.

What do I do if there are no security updates for my router?
The main attack appears to be against the 4-way handshake and doesn’t exploit access points; instead, it targets clients. This may mean that your router doesn’t require an update. We would advise you to contact your ICT support for more information. For home users, the priority should be updating laptops, phones and similar devices as soon as possible.

What next?
Contact your ICT support or modem manufacturer.

Our advice…
1. Back up your data on all devices
2. Ensure the latest updates on your devices are installed
3. Prioritise any systems where banking/financial and client data is held or transmitted
4. Update all Wi-Fi enabled devices (routers, access points, phones, tablets, computers/laptops, TVs, alarms, etc.)
5. You may want to consider turning off your Wi-Fi
6. Update or change your network structure so Wi-Fi devices are treated as ‘untrusted devices’ by default

We hope that the latest attack doesn’t affect your business. Please don’t hesitate to contact us if you have any questions.
