Today, the Minister of National Security the Hon. Wayne M. Caines, JP, MP, warned the public of a weakness in a security protocol that Wi-Fi devices rely on has put wireless-enabled devices at risk of attack.
The Key Reinstallation Attack, or “KRACK” can allow an attacker within range of a Wi-Fi network to gain access to unencrypted traffic sent over the internet.
The Government’s Cybersecurity Working Group is advising the community to take the following precautions:
For the Public:
- Ensure all your devices remain up to date. It may take some months for fixes to be available so turn on automatic updates for best protection.
- Where possible plug devices into a network rather than using Wi-Fi.
- When sending information online such as personal or credit cards information check to make sure the website address starts with ‘https’ or the lock symbol is on in the corner.
- When possible turn Wi-Fi off when not using it. This includes appliances, webcams TVs and baby monitors.
For Corporate users:
- Follow best industry practice and guidelines. Double check intrusion routes to ensure Wi-Fi does not leave core networks vulnerable.
- Update all machines, servers, devices and Wi-Fi routers when advised to do so by manufacturers.
- Minimize public Wi-Fi use. Avoid core IT systems using Wi-Fi if possible.
- Mandate Virtual Private Networks (VPNs) for corporate Wi-Fi users and ensure VPN software is updated too.
- Monitor networks for intrusion. If possible authorize access by Media Access Control (MAC) address.
- Once all the fixes have been delivered, switch off the old insecure Wi-Fi modes and replace devices that are no longer supported.
As a note, Minister Caines is the chairman of the Cabinet’s Cybersecurity Committee.