By now you may have heard of the latest cybersecurity threat, KRACK (short for Key Reinstallation AttaCK). But what exactly is it?
KRACK is a vulnerability in the WPA2 security protocol used by most wireless networks today. The vulnerability allows hackers to steal data flowing between your wireless device and the targeted WiFi network, as well as potentially inject malicious data and ransomware, according to Krebs on Security.
SSI reached out to cybersecurity expert and CEO of Trustifi Idan Udi Edry to explain what it all means and how we can keep our information safe. Here’s what he had to say:
The cyber “flaw” we’re seeing now is one that impacts people outside of just the business world, and outside of just those that use a specific email server. It instead, impacts every consumer who operates under Wi-Fi, within a WPA2 security protocol.
As you are reading this, you may be vulnerable…
The bug currently nicknamed KRACK, is simply a “glitch” in the system, which has the potential to allow hackers into network traffic, and have access to any personal information that is sent over a WiFi connection.
When we think wireless, we often think phones, however think of everything we send, do, and share over a WiFi network.
According to Tech Insider, in 2016, WiFi accounted for the larger share of data sent from smartphones, and that just accounted for handheld devices linked to a carrier.
When we look at how to move forward from a vulnerability like this, we must be proactive in protecting our private information, and in understanding the responsibility for this “flaw” in security falls into the hands of the security protocol system.
Without careful implementation of proper security features, billions of consumers’ information is now at risk.
One of the problems that we are facing at the moment is that all of the information on our phones and computers is actually being held in one basket, which causes a very big vulnerability for our privacy.
We wouldn’t give our phone lock code passwords to a complete stranger, or better yet, our email passwords. However, without any level, or extra level of security, this is essentially what we are handing over. When a breach of this magnitude surfaces, we become vulnerable and are immediately at risk of losing our privacy, without an extra level of security in play.
We at Trustifi try to increase our customer’s awareness of how important it is to secure your information and especially that information that is sent over on one of the leading communication platforms today – email. We cannot prevent delivering of information via email, because it has become part of our life.
However, how we deliver it, we can control. I suggest everyone puts as many factors of authentication on their email accounts, and encourage every business that is sending them information, to do the same.
Sending over bank statements, medical documents, criminal records, etc., with a simple password protected landing page, is simply not enough. Two-factor authentication can prevent these cyber breach breaking news stories from surfacing on a daily basis.
Consumers need to wake up, put pressure on those businesses that they do business with, and understand cybersecurity is no longer a question of “should we,” but rather, “How do we?”