Protect Mobile Users against KRACK Vulnerability

What happened?

Yesterday, it was made public that the WPA2 protocol is vulnerable and that an attacker within range can exploit it using a Key Installation Attack (KRACK) to read information that was previously assumed to be encrypted. By using this method, all the data being sent from a Wi-Fi connected device can be recorded, such as passwords, credit card information and more.

As the weakness is in the Wi-Fi standard itself, this simply means that all Wi-Fi enabled devices are at risk. As an administrator, you may update your company Wi-Fi devices’ firmware once the patches are out (such as routers, access points, hotspots) to make sure that attackers can’t eavesdrop on your traffic, but you should take additional measures for your users who are connecting to the internet from public hotspots, and mainly for the mobile users, as mobile users tend to leave their Wi-Fi enabled and join hotspots very frequently.

Just as an example, it’s stated that 41% of all Android devices are at risk, covering all 6.0+ versions! Even though companies introduce patches, it is highly recommended for you to use a mobile VPN to make sure that KRACK would not harm you.

What to do?

Dome Shield provides web access controls and advanced threat protection to mobile users through its Mobile VPN Profiles and protects all iOS and Android based devices, including iPads, iPhones and all types of Android devices, using its VPN Service. In order to achieve this:

Open your Dome Shield Portal and go to Configure > Objects > Mobile Devices and send the VPN Profile to your users.

Once the VPN profile attached to the e-mail received is installed, all internet traffic on your mobile devices will be encrypted end to end, and the mobile device will be secured against all advanced threats regardless of where you are connecting to the internet from. Web security provided with Dome Shield works seamlessly across 2G, 3G, 4G, LTE cellular networks and Wi-Fi.

This will help you secure your mobile users against the KRACK vulnerability and its effects.

Just wanted to comment on this, the issues aren’t with the Access Points but rather the clients as is implied a

The best defense is to install any system updates. All major OSs have released updates already.

WiFi vendors are releasing patches now which will help prevent the issue for un-patched clients connecting to them.

If there aren’t any updates for your APs then disable BSS Fast Roaming (802.11r) as this is where the bug lies.

A VPN won’t stop the attack but will result in the captured packets being encrypted and unusable to the attacker.
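
One way to check for the 802.11r setting mentioned in the comment above, as an added example that is not part of the original thread. It assumes the access point is configured through a hostapd.conf file, where Fast BSS Transition is enabled by an FT-* suite in `wpa_key_mgmt`; the sample config and BSS names are constructed.

```python
# Added example: audit a hostapd.conf for 802.11r (FT) key management.
# Assumption: the AP uses hostapd; other vendors expose this setting differently.
FT_TO_PLAIN = {"FT-PSK": "WPA-PSK", "FT-EAP": "WPA-EAP", "FT-SAE": "SAE"}

def audit_hostapd(conf_text):
    """Return (findings, hardened_conf).

    findings: list of (line_number, bss_name, [FT suites found]).
    hardened_conf: same config with each FT suite replaced by its
    non-FT counterpart, so every BSS keeps a usable key management suite.
    """
    findings, out, bss = [], [], "?"
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            out.append(raw)                  # blank line or comment: keep as-is
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ("interface", "bss"):
            bss = value                      # start of a (new) BSS section
        if key == "wpa_key_mgmt":
            suites = value.split()
            ft = [s for s in suites if s in FT_TO_PLAIN]
            if ft:
                findings.append((lineno, bss, ft))
                plain = []
                for s in suites:
                    s = FT_TO_PLAIN.get(s, s)
                    if s not in plain:       # de-duplicate, keep order
                        plain.append(s)
                raw = "wpa_key_mgmt=" + " ".join(plain)
        out.append(raw)
    return findings, "\n".join(out) + "\n"

# Constructed sample config (not from a real deployment).
SAMPLE = """\
interface=wlan0
ssid=corp
wpa=2
wpa_key_mgmt=WPA-PSK FT-PSK
mobility_domain=a1b2
bss=wlan0_1
ssid=guest
wpa_key_mgmt=WPA-PSK
bss=wlan0_2
ssid=voice
wpa_key_mgmt=FT-EAP
"""

if __name__ == "__main__":
    findings, hardened = audit_hostapd(SAMPLE)
    for lineno, bss, ft in findings:
        print(f"line {lineno} ({bss}): 802.11r enabled via {' '.join(ft)}")
```

Clients that were roaming with 802.11r will fall back to a full handshake on each AP change once the FT suites are removed.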