On October 16, researchers at a Belgian University announced their discovery of a new vulnerability called KRACK that can affect any Wi-Fi enabled device. KRACK, an acronym for Key Reinstallation Attack, exploits a flaw in the WPA2 Wi-Fi encryption system, and can be used to steal sensitive information such as credit card numbers, passwords, chat messages, emails, and photos.
Security researcher Mathy Vanhoef of Belgian university KU Leuven uncovered the vulnerability. He describes the danger of KRACK on his website: “This can be abused to steal sensitive information… The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
The effects of KRACK will likely be seen for decades, given that KRACK could affect all aspects of the Internet of Things (IoT). IoT includes fitness trackers, smart speakers like Amazon Echo and Google Home, Bluetooth trackers, Internet-connected vehicles, and other smart devices.
Millions of routers and other IoT devices, such as internet-connected garage doors or security cameras, will probably never be fixed, since they don’t get the necessary software updates like other devices. Oftentimes, the best option is to buy new equipment once patched ones become available on the market.
It’s important to note that many businesses are now employing IoT devices, and that number is increasing all the time.
To protect yourself from the KRACK vulnerability, update your Wi-Fi devices and your router’s firmware when updates become available. Major platforms like iOS, macOS, and Windows have been already patched or haven’t been affected.
KRACK shows the impact of vulnerabilities and the importance of improving basic cybersecurity hygiene.
So, how does this affect insurance agents?
- IoT coverage is available, but isn’t necessarily always covered in cyber policies – so you have to know the needs of the insured and make sure you have coverage that actually includes IoT devices. It’s important to note how a given policy defines terms such as “computer system” or “computer program.”
- Robust, state-of-the-art cyber policies offer broad coverage at very reasonable prices, so there is no reason why your insureds should be without coverage for potential IoT-related losses.
- Potential costs from an IoT hack can include extortion, business interruption, and third-party lawsuits.
For more information about the KRACK attack and cyber insurance, contact INSUREtrust today at 888-932-7475 or [email protected].