Nasty KRACK

This week’s networking crisis is that black-hats have found another way to violate your privacy. Called the KRACK exploit, it allows hackers to spoof the WiFi protocol so as to break its encryption and read your traffic.

It’s worth pointing out that this is not just a zero-day bug in some manufacturer’s implementation—it’s a defect in the WiFi standard itself, and all WiFi (802.11) encryption is vulnerable to it. It does require a hacker to be close enough to have physical access to your radio signal.

We wanted to let you know what we were doing about it, and also what you should be doing about it yourself.

Our router vendor, MikroTik, had a fix available for this exploit on the day it was announced. We’ve already begun the process of rolling this update out to all our networking equipment, most of which is unaffected in any case because it uses protocols other than standard WiFi. (This update process, which happens automatically in the wee hours, may cause a handful of subscriber units to hang; if you experience this problem, simply power-cycle the roof unit as described in your subscriber manual.)

However, your own home WiFi access point or router is customer-owned equipment which does not participate in this roll-out.

If you are one of the subscribers for whom we supplied a MikroTik in-home WiFi unit, you should take some simple steps to update it to apply this fix.

Log into your WiFi unit by directing your browser to 192.168.10.2. (Note that this ends with 2, and not 1—if you browse to 1, you will be browsing to your roof unit, which won’t accept your password.) You should see a screen like the following:

Enter your personal administrative user ID and password on this screen. (This is not your “WiFi password”—it is the administrative password written in your subscriber booklet.)

Once logged in you should see this screen. In the left-hand column, choose System, and then Packages:

You should see a screen resembling the following.  (Yours may show a release earlier than 6.38.7.) Click “Check for updates.”

You should see a screen similar to the following:

Make sure the “channel” pulldown says “bugfix only.” You should see “6.39.3” as the “Latest Version.”  Click “Download & Install.”

Your unit will download the update and then reboot. That’s all there is to it—you are now safe from KRACK.

If you have a larger property in which we installed more than one MikroTik WiFi access point, you will have to repeat this process for each unit, using the addresses 192.168.10.3, 192.168.10.4, etc.

If you have a home WiFi unit other than a MikroTik, you can call the manufacturer for instructions on how to secure that unit from KRACK. If no fix is forthcoming and the exploit concerns you, contact us to replace your unit with one of our MikroTik units.
