6330 E. 75th Street, Suite 336Indianapolis, Indiana 46250
(800) 746-4356(317) 251-7920

Time to Patch Your Device

A new vulnerability affects most Wi-Fi enabled devices

  • 26 October 2017
  • Author: TMcShane
  • Number of views: 2049

Fatal WPA2 protocol flaw puts most Wi-Fi enabled devices at risk

                By now, you may have heard of the most recent high-profile security vulnerability to surface in the last couple weeks. You may even know the name attached to it – “KRACK attacks”. This vulnerability mainly exists within WPA2, which is a level of security certification developed by the Wi-FI Alliance, and is the standard protocol for many public and private access points. The vulnerability allows an attacker to intercept, decrypt, manipulate and hijack a victim’s wireless traffic, and doesn’t even need to connect to the network itself. Microsoft, Linux, Cisco, Apple and others have all released or announced patches.

The real difficulty with a vulnerability of this size is the sheer scope of the amount of devices affected. Certainly, some devices won’t be updated for a number of reasons, like end-of-support, or simply being overlooked. This could result in thousands to millions of IoT devices, smartphones, and computers vulnerable to attack. It is no doubt that this vulnerability will have implications for years to come. To learn more, check out this month's issue of SIMformation.  

Google introduces the Advanced Protection Program

                To celebrate CyberSecurity Awareness month in October, Google has announced a series of security improvements and programs on their blog. The latest entry details a new offering for Google users who are at increased risk of online attack. The Advanced Protection Program consists of 3 core defenses: Defense against phishing; protection from accidental sharing; and fraudulent account prevention.

Defense against phishing has been augmented by the introduction of support for “security keys”, an enhanced form of 2-factor authentication. These security keys can take a couple forms, such as a USB drive or similar wireless devices, and they act essentially as a “key” that authenticates and allows access to your digital data. This tool prevents hackers from logging into accounts using a stolen password.

Protection from accidental sharing is ensured by allowing applications limited access to user’s Google accounts, like Gmail and Drive. This will prevent malicious apps that were accidentally downloaded from accessing account information. Right now, only Google apps are allowed full access, but Google has said they plan to expand to include more apps.

To prevent fraudulent accounts from being created and accessed, Google has made the account recovery process much more rigorous. It is aimed at making it more difficult for hackers to impersonate the account owners during an account recovery process, for example, caused by a lost password. The additional steps include demanding more detailed information and performing more reviews.

                Right now, anyone with a consumer Google Account can enroll in the Advanced Protection Program, and it is especially recommended you do so if you are in a line of work that involves sending and receiving sensitive, political, or otherwise critical information. You can learn more about the program here. 

National CyberSecurity Awareness month is almost over!

As October comes to a close, so too does the Department of Homeland Security's National CyberSecurity Awareness month. Intended to improve the security posture of the nation as a whole, the campaign is designed to engage and educate business owners and individuals alike on the importance of cybersecurity. If you haven't taken any steps toward better security hygiene this month, it isn't too late. Head here to read about all of the kinds of securities offered by SIM2K, and choose one, or all, that fit your business needs. Here at SIM2K, we believe in defense in depth.

Tom X. McShane



Categories: Important News
Rate this article:

Please login or register to post comments.

Our Happy Customers

"As a small business, we do not have our own internal IT department. SIM2K® Block Hours offer us a way to get more of the support we need at a lower cost."
-A central Indiana wealth management company

"We've found SIM2K to be an instrumental force in shaping our IT future. Thanks to their SIM2K Block Hours, we've found an effective way to pay for our IT needs as they arise."
-A central Indiana auto auction

"SIM2K has been there for us over the years. They've helped us setup remote access systems, advised us in our continued growth and even helped us restore our patient management software."
-Top rated Indiana surgeon's office

"We were hit by a nasty Internet worm right in the middle of tax season that disabled our server. SIM2K was able to come in and in hours we were back up and running. Their responsive and competent help saved us a lot of time, pain and money."
- A central Indiana accounting firm

"BDA has been utilizing SIM2K consulting services for several years now. We are very pleased with SIM2K's focus on customer service and recently decided to become a SIM2K® Pinnacle customer. We IMMEDIATELY realized the cost benefit to our company! SIM2K Pinnacle has proven to be a great asset to our company..."
- Bill Dunbar and Associates, LLC