Did you hear the latest in Cybersecurity news?
- No not the news that Pizza Hut was hacked
- Not the news Hyatt Hotels were hacked.
BUT only the news that the supposed secure WPA2 Wifi Protocol is actually vulnerable to attacks. Which essentially means all current wifi access points are not secure.
CERT has a list of all the vendors with patches and affected vendor models. CERT used to be Computer Emergency Response Team, but today it is at Carnegie Mellon University and still reviews the important vulnerabilities.
So you say… Big deal another protocol is insecure the researchers say, just because it may be insecure if a person with knowledge can hack this then my wifi is going to be less secure, but what does it really mean?
It means it is another item to patch in a large schedule of patches (with Microsoft Windows, and other software also having to be patched.)
So we have to evaluate the actual risk and impact before allocating resources.
For one the hacker has to be close enough to your wifi station to see if they can hack your communications, this is not a recipe for mass mania. True, but as usual it is only the high risk areas that have more to worry about. High risk as in protecting Social security numbers, and other PII (Personal Identifiable Information).
So the largest worry we have is that this patch is going to be ignored by most people, thus leaving 50% or more of wifi access points vulnerable to this attack. So the best thing that can happen here is that companies must evaluate their own situation and then make decisions with their resources as to when to patch this problem. It may not be easily hackable and must have proximity to wifi access points. So in the future a seeming secure protocol is not until patched.
Unfortunately not everyone patches. As we mentioned before, 25% patch within first week,another 25% within first month, an additional 25% within 6 months. And some do not patch at all.
Obviously this is true since there are many ransomware outbreaks and they take advantage of basic patches not applied (vulnerabilities that take advantage of this).
So in the coming months as hackers develop better hacks (programs that take advantage of this vulnerability so the hacker can make money, only then will the risk go higher and higher. And depending on impact of system affected it might actually get more dangerous for the companies not patching.
So everyone must have a patching regimen. Get going already – get a CISA tester on hand (like US – contact us).