SingCERT recommends steps to secure Wi-Fi networks

In response to the KRACK bug, SingCERT has released recommendations on how citizens can protect themselves from potential attacks.

krack bug
A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017 (Kacper Pempel/Illustration/Reuters)

More than 11 million devices in Singapore are confirmed by the Singapore Computer Emergency Response Team (SingCERT) to have been affected by the KRACK (Key Reinstallation Attack) bug. Every device that supports Wi-Fi is vulnerable to cyber attack.

Cyber criminal might use WPA2 (Wi-Fi Protected Areas II) as a gateway to devices. In response to this flaw that affected millions of other devices from around the world, SingCERT has released recommendations on how citizens can protect themselves from potential attacks.

Who are the affected vendors?

Since everyone using devices that support Wi-Fi is exposed to threats, security researcher Mathy Vanhoef, who discovered the flaw with fellow researcher Frank Piessens at Belgian university KU Leuven, suggests contacting the vendor for more information. Some companies that confirmed the impact of the vulnerability on their products and services include Apple Inc, Microsoft Corporation, Google, Toshiba Corporation, Samsung Mobile, Ubuntu, Intel, Netgear Inc and Cisco, among others. View full list on US-CERT.

In a ZDNet report, aforementioned companies who have released security updates to their products include Apple, Microsoft, Google, Netgear, Cisco and Intel.

Update devices and routers

Changing the password of one's Wi-Fi network does not safeguard anyone from an attack. Instead, one has to update the device and router and change the password after. With KRACK, Vanhoef has noted that hackers could directly attack devices like smartphones and laptops instead of using access points on routers, so keeping devices updated is more important.

The Wi-Fi Alliance on Monday reported that no evidence so far is pointing to a malicious exploitation of the vulnerability. The alliance is responsible for the provision of a detection tool for vulnerabilities for its members and the communicating details and remedies to vendors, among other roles.

Vanhoef stresses the need to conduct additional research from the academic community on these vulnerabilities to prevent similar occurrences in the future.

This article was first published on October 18, 2017