What You Need to Know About Cybercriminals Who Can Hack Wifi

If thinking about cybercriminals isn’t on your agenda, you might want to adjust that. Earlier this year, I attended a cybersecurity course that was taught by an FBI Computer Scientist and an FBI Agent. I shared what I learned in these two blogs:

Internet Safety: How vulnerable are you?

Internet Safety: How can you avoid becoming a victim?

I recently learned from Bryce Austin of TCE Strategy about a new twist on cybercriminals and theft in cyberspace. Here is the information he shared:

“A new vulnerability in wireless networks has enabled cybercriminals to listen in on others’ WiFi data. There are probably hundreds of them in airports, coffee shops, apartment complexes and office buildings doing this right now. Please read on to see how to protect yourself and your company.

Wireless (WiFi) network connections use encryption to keep others from being able to listen in on the conversations your computer is having on a WiFi network. Encryption requires an initial “handshake” to setup the rules that both sides will use for the connection.

A researcher has found a way to break the handshake process, which allows an attacker to insert themselves in between your computer and the WiFi system you are using. This would expose any sensitive data you send over the WiFi link, and could also allow hackers to put up websites that look and feel like real websites but aren’t the genuine ones. They are fakes that are designed to collect your usernames and passwords for cybercriminals to use. This is bad.

The heart of the issue is that the attack is easy for criminals to do, which is why I’m sending this special alert.

The good news is that a cybercriminal has to be physically close enough to your WiFi system to intercept what you are doing, so if you live or work in an area that is unlikely to have enough users to make it worth a cybercriminal’s time to hack you, you are probably safe.

What to do about it:

  1. If your user device is patched, the problem goes away. If the WiFi hotspot you attach to is patched, the problem also goes away. The problem is that many systems don’t have patches available yet.
  2. Some systems already have a patch. Patch them. iPhones, iPads, MacOS (on Macintosh desktops and laptops) all have patches. Cisco Meraki WiFi systems have patches. Patch them. A colleague of mine, Blake Thompson, found a list here of systems that do and do not have patches available: https://www.reddit.com/r/KRaCK/comments/76pjf8/krack_megathread_check_back_often_for_updated/
  3. If your system can’t be patched yet, consider not using WiFi unless you really need to. If you can use a networking cable, do it. If you can use your cell phone’s data plan, use it.
  4. If you must use WiFi, consider using a VPN (Virtual Private Network) which encrypts the traffic between you and the other end of your VPN, which will workaround the problem for 99% of us (the most determined cybercriminals could setup a fake VPN, but that is getting outside of the “it’s easy to do” statement I made above).
  5. Turn off “auto-discover WiFi networks” on your devices.
  6. If you can choose which device to use, use a patched Apple device rather than an Android device. There are not patches for Android at this time.
  7. If you must use public WiFi, be sure to look for the security symbol on your browser. It will look like a little green closed padlock (NOT a red open padlock), and the website name will begin with https: instead of http:
  8. If you work for a company that has stringent cybersecurity needs or are a home user with concerns about cybercriminals, consider turning off WiFi at your home or office. I realize this is a drastic step, but this vulnerability is too easy to exploit.

Articles with more information:

*The Researcher’s Work that Found the Vulnerability

*Mac Devices Already have Patches Available

*Cisco Meraki WiFi Devices Already have Patches Available

*This is an Unofficial List of Systems That Do and Don’t Have Patches (same link from bullet point #2 above)

About Bryce Austin:

Bryce Austin, CEO of TCE Strategy, provides CIO and CISO advisory level services and is a keynote speaker around the globe. Please click here to talk to Bryce about how he can help your organization.

About Helene Segura

As The Inefficiency Assassin™, Time Management Fixer Helene Segura empowers professionals on the go with the tools to slay lost time. Personal inefficiency at work leads to increased stress levels, lower morale, higher absenteeism, more turnover – and rising spending on employee health care and hiring. Why not improve productivity, decrease stress levels, and increase profits instead? The author of four books – two of which were Amazon best-sellers – Helene Segura has been the featured organization expert in more than 200 media interviews. She has coached hundreds of clients to productivity success and performance improvement by applying neuroscience and behavioral modification techniques to wipe out destructive, time-wasting habits. Helene turns time management on its head by sharing both client case studies and pop culture examples to teach her mind-bending framework for decreasing interruptions, distractions and procrastination so that companies can spend more time generating revenue.

Leave a Comment