This week’s revelation about KRACK, a new security flaw in the Wi-Fi Protected Access (WPA-2) standard, has sent mobile device vendors scrambling to come up with patches and, once again, has proven just how vulnerable mobile communications can be. Since WPA-2 is the most common form of encryption used on Wi-Fi networks, most Wi-Fi networks—in cafés, coffee shops, airports, hotels, event venues, shopping centers, homes and others—are vulnerable.
KRACK can allow attackers access to important information such as credit card numbers, passwords, and emails transmitted over Wi-Fi networks, even potentially infecting your devices with malware or ransomware. The flaw opens the door for an attacker on the same wireless network to launch key reinstallation attacks (KRACKs). With WPA-2 implemented on wireless access points and mobile devices, either end of the communication can be affected. And as we’ve learned, KRACKs can be especially deadly to Android devices.
KRACKs give attackers a way to intercept and decrypt data flowing between a wireless device and Wi-Fi access point. Once an attacker has KRACKed the Wi-Fi network, they can read data being sent and received from users’ devices. The attacker can inject malware or fake data into websites, deploy ransomware, and even hijack entire data streams—all tactics that certainly put individual privacy at risk, but can also compromise sensitive data with impunity.
Enterprises with mobile workforces and mobile apps seem to realize how much risk public Wi-Fi networks can plague their operations. The iPass 2017 Mobile Security Report compiled responses from 500 enterprises in France, Germany, the UK, and US and found that 93% of respondents are concerned or very concerned about the security risks posed by mobile workforces. In fact, 68% of organizations surveyed have banned the use of Wi-Fi hotspots and an additional 14% plan to ban their use.
iPass also reported that C-level executives are at the greatest risk—by far—because they are often out of the office, work long hours, and have unrestricted access to the most sensitive company data. At a minimum, that finding is beyond unnerving just thinking about the scope of business ramifications. An attacker only needs to KRACK the connection for one executive to intercept a wealth of data to trigger a series of irreparable consequences for a company’s customers, partners and employees.
Secure with Certainty
Even though they recognize the risk, enterprises haven’t yet found simple, effective ways to protect mobile applications and data, especially in light of these newly identified Wi-Fi vulnerabilities. Patching devices offers a quick fix, but no one can ensure that access points in all public Wi-Fi networks are patched, even if the user’s mobile device is. When mobile devices and access points can’t be secured with certainty, the apps always can be—and that’s where Blue Cedar’s technology thrives.
Blue Cedar injects a full IP stack, IPsec client, secure web stack, and FIPS-compliant crypto module into any app. Not only does Blue Cedar encrypt data written to the device, it also encrypts data in transit through secure microtunnels. It even enforces app-specific policies around authentication, data sharing, and device posture.
So even if an attacker KRACKs the international airport’s Wi-Fi network where your CEO is waiting to change planes, the attacker would still have to decrypt an additional layer of Blue Cedar encryption in your mobile apps. This significantly increases your security odds.
It only takes a few minutes to secure apps with Blue Cedar and they’re protected everywhere, for any user, on any device. Wherever your employees use Wi-Fi, your enterprise mobile apps are always secured by Blue Cedar. Learn more about Blue Cedar here.