
You have probably heard about the latest vulnerability that affects most modern wi-fi networks.

The possible exploit is called KRACK.

The vulnerability is related to a discovered flaw in the WPA and WPA2 encryption protocols used by most modern wi-fi access points.

WPA and WPA2 (Wi-Fi Protected Access II) are also currently used as a security layer so only authorised devices can connect to your Wi-Fi network.

In simple terms, an attacker can adopt a man-in-the-middle position on your Wi-Fi network. They could force access points and client devices to reinstall a different encryption key. The KRACK attack then allows an attacker to intercept Wi-Fi traffic.

A criminal could then not only decrypt network traffic from a victim's device on a WPA/2 network, but also hijack connections. In some cases they could inject malware or ransomware into unencrypted websites you are trying to visit (those not using SSL). Users could also be redirected to malicious websites.

What does this mean for you?

  1. Don’t panic. No, you do not need to turn off your Wi-Fi network. There have been no known attacks taking advantage of this vulnerability - yet.
  2. An attack would have to be very sophisticated using special hardware on-site. This limits the potential for concern.
  3. Disable the 802.11r protocol on your access point as it currently has a particular sort of vulnerability.
  4. Implement Best Practices.
    1. Your IT Support provider should already be installing the right firmware updates from your vendors as they become available. You must update both sides of the wi-fi connection - your "client" device (smartphone, laptop, tv, etc.) and the Wi-Fi Access Point (AP) you are connecting to.
      1. Note that some clients (Android 6 and Linux devices) are more susceptible than others.
    2. Schedule a regular audit of your Wi-Fi network to ensure best practices are being applied.
    3. Enable Rogue Detection on your Access Points. This is a feature which detects and blocks devices pretending to be authorised.
    4. Separate your business wired network and your wireless network.
    5. Implement RADIUS technology for more robust security authentication on your corporate network.
  5. Finally, until you are updated, only use sites and services that use HTTPS as they encrypt data from your web browser to the server and back.

 

Traditional ransomware like WannaCry has been explained a thousand ways on a thousand blogs. But one thing you may not have thought about is what ransomware would be like if it infected your mobile device. Read on to learn more.

How does ransomware make it onto your Android device?

Like its desktop equivalent, mobile ransomware needs to be installed on your device before it can do damage. For Android devices, this means mobile apps that hide their true intent. There are two ways to install programs on your mobile device: downloading them from app stores like Google Play and Amazon Appstore, or downloading them directly from websites and email links.

Surprisingly, both come with risks. Unverified sources often advertise free apps that hide malware, and the best of these can occasionally avoid detection and be allowed into monitored app stores.

What does mobile ransomware look like?

Similar to ransomware on personal computers, mobile ransomware holds data stored on your device hostage and demands ransom. For example, in the case of a ransomware that came with the "OK" app, a popular Russian social network platform that was infected earlier this year, a user is prompted to change device settings. There is no option to close the prompt and tapping Accept locks everything down and leaves you with nothing but a ransom note.

How to protect yourself from mobile ransomware

First and foremost, avoid downloading apps directly from websites or third-party app stores. Additionally, make sure you turn on Google’s security system -- Verify Apps -- which scans all the apps about to be installed on your device for potential threats. You can do so by opening your Android's settings, choosing Security, tapping on Verify Apps, and activating ‘Scan device for security threats’.

Second, install antivirus software on your device and keep it up to date.

Third, back up important files from your device to either a USB disk, a computer, or any cloud-based services. This way, you won’t lose your valuable data if you are forced to factory-reset your device.

Last, if ransomware made its way into your device, don’t pay. According to IT security company ESET, mobile ransomware very rarely includes programming to reverse the damage it has done.

Losing any type of data is an enormous inconvenience, but businesses need to be especially careful about careless employees. Data loss could result in lawsuits or regulatory fines, so it’s important that you know how to safeguard your Android against ransomware.

For more in-depth advice on how to protect yourself and your business from this threat, get in touch with our experts today.

Published with permission from TechAdvisory.org. Source.
Sensible Business Solutions © 2021 All Right Reserved