The end of the world as we know it?!
By now you’ve no doubt heard all about the new wireless network vulnerability known as KRACK. We’re inundated with media coverage of this protocol-level vulnerability that affects nearly all devices. The snappy logo and video of the vulnerability’s proof of concept are everywhere.
So. Is this a critical emergency that you need to drop everything to deal with?
Honestly… no. It’s important, and it’ll have some lasting impacts, but it’s not an emergency. And meanwhile Adobe has announced a critical security patch for an actively-exploited flaw in Flash. Now that may qualify as an emergency situation. Seriously, if you still use Flash, go patch that one right now. Better yet, now’s a great time to just remove it from your computer entirely.
But let’s go back to KRACK for a minute. The short-short version of the issue is that any secure wireless network can be compromised if there’s an authenticated but vulnerable endpoint on the network – even if the network itself isn’t vulnerable. That’s a very big deal, with implications that will have impacts on us for years. But… there’s no current, active threat, no virus or worm spreading across the internet, no one’s using this to steal your information.
What it means in the short term is the same thing all of these events mean – you should keep your devices up to date on their security patches. Don’t put it off, don’t let them pile up, stay up to date. Think of it like taking out the compost or brushing your teeth – might not be your favorite part of the day, but it needs to be a part of your routine.
In the longer term, this is one of those security issues that isn’t going to go away any time soon. The nature of the vulnerability means any network with vulnerable devices is a risk, and there are simply too many WiFi-connected devices out there to believe we’ll ever patch them all. Sure, your computer’s up to date – how about your printers? Your appliances? Your thermostat? Your speaker system? Your salt shaker? (No, seriously, that’s a thing now.)
We’re going to need to spend time talking about trustable networks, and protecting your data, and probably even things like segmenting networks into trusted and untrusted zones. But there’s time, and it doesn’t need to be done all at once. For now, just make sure your devices are staying up to date, and stop worrying about this particular threat.
And don’t forget the patch for Flash.