As is becoming increasingly common these days, yet another network security vulnerability has gone viral and this time it’s targeted specifically at Wi-Fi. The short name for the vulnerability is KRACK (Key Reinstallation AttACK) and it affects the WPA2 protocol which is used by those who would like to protect connectivity to a Wi-Fi service by forcing clients to enter a password. (More information on the vulnerability can be found here: https://www.krackattacks.com) This vulnerability is just the latest in a growing trend of published security flaws exposed to provide increased awareness of potential threats to user information.
At Single Digits, it’s just business as usual and there’s no need to panic. Providing a managed Wi-Fi service means staying on top of these potential threats and mitigating risks through implementation. This shines a spotlight on what’s always made Single Digits unique: the right blend of security-focused technology and managed service best practices.
Below is some information to help you understand what this newly published threat means for your venue’s network and what Single Digits is doing to protect you and your guests.
Understand If This Threat Is Relevant To Your Network And Gauge The “Risk”
First, this threat is specific to Wi-Fi SSIDs configured with WPA2 encryption. This means that any user experience where guests are free to join a Wi-Fi network and log in through a common captive portal experience is not subject to any new threats. These are usually referred to as “open” SSIDs and they are just that: open to any guest device that elects to join the network for the purposes of viewing and engaging with an authentication experience that ultimately provides Internet access. By comparison, a WPA2 password-protected SSID requires that a guest provide a password directly on their Wi-Fi client device before they are associated to the Wi-Fi network, and this is less common at a typical BYOD property. Depending on your property type, there’s a good chance that you’re just providing your guests with a captive portal SSID; in that case a WPA2 SSID may not be in use, and therefore no new risks have been exposed.
If you are utilizing a WPA2 password-protected network, don’t panic. There are still existing layers of protection that haven’t been undermined. For one, most sensitive information is still sent securely using cryptographic protocols such as TLS (Transport Layer Security) and SSL (Secure Sockets Layer). Single Digits’ Broadband Authentication Platform (BAP) utilizes these methods to keep the user authentication experience secure and most devices will continue to be protected at this layer regardless of this vulnerability.
Take Stock Of Your Network Assets
The vulnerability presents itself in the communication between the guest device and the access point, which means that the ultimate remediation will be a combined industry effort between the various Wi-Fi and guest device manufacturers. Single Digits has already begun the process of documenting and implementing the various patches and firmware that have been released as a result of this vulnerability. It’s important to understand which wireless manufacturers are in use at your property and which versions of this equipment are affected. This information is readily available at your fingertips in Single Digits’ BAP reporting dashboard.
Engage With Your Single Digits Team
Single Digits’ Network Operations team has already begun the remediation process and will be working with each venue to make the appropriate updates in accordance with the risk at each property. As we’ve pointed out, many properties may not be subject to any additional threats as the combination of use case, manufacturer, and underlying solution technology has already been positioned to mitigate any guest data breaches. If any changes are warranted, a Single Digits NOC specialist will be able to manage the scheduling and provide any implementation details in order to avoid disruption and permanently eliminate any ongoing threat. These maintenance processes have matured over Single Digits’ 14-year service history and the secure & controlled approach to this type of update is truly just business as usual.
Director, Solution Architecture
October 17th, 2017