Minister of National Security Wayne Caines has issued a public warning of “a weakness in a security protocol that Wi-Fi devices rely on has put wireless-enabled devices at risk of attack”.
A Ministry spokeswoman said: “The Key Reinstallation Attack, or ‘KRACK’ can allow an attacker within range of a Wi-Fi network to gain access to unencrypted traffic sent over the internet.”
The Government’s Cybersecurity Working Group is now advising the community to take the following precautions:
For the Public:
- Ensure all your devices remain up to date. It may take some months for fixes to be available so turn on automatic updates for best protection.
- Where possible plug devices into a network rather than using Wi-Fi.
- When sending information online such as personal or credit cards information check to make sure the website address starts with ‘https’ or the lock symbol is on in the corner.
- When possible turn Wi-Fi off when not using it. This includes appliances, webcams,TVs and baby monitors.
For Corporate users:
- Follow best industry practice and guidelines. Double check intrusion routes to ensure Wi-Fi does not leave core networks vulnerable
- Update all machines, servers, devices and Wi-Fi routers when advised to do so by manufacturers.
- Minimize public Wi-Fi use. Avoid core IT systems using Wi-Fi if possible.
- Mandate Virtual Private Networks (VPNs) for corporate Wi-Fi users and ensure VPN software is updated too.
- Monitor networks for intrusion. If possible authorize access by Media Access Control (MAC) address.
- Once all the fixes have been delivered, switch off the old insecure Wi-Fi modes and replace devices that are no longer supported.
It was also noted that Minister Caines is the Chairman of the Cabinet’s Cybersecurity Committee.