Last Updated On: October 27,2017
Plume is aware of a new vulnerability that targets WPA2 protected WiFi connections creatively called the WPA2 KRACK (Key Reinstallation AttaCK). This issue broadly affects consumer and enterprise networks, including access points and client devices such as laptops and mobile devices (especially those running on Linux or variants of Android).
Is my Plume Network impacted by the newly discovered WPA2 vulnerability?
As part of our ongoing efforts to keep Plume networks secure, we've identified additional ways to make Plume more resilient to this type of vulnerability. We rolled-out a preventative patch to our Pod firmware to all customers. You can find more details in the Plume Software Release Notes article.
What steps can you take to keep your data and devices secure?
- Check for firmware or software updates on all your devices for updates, and apply them promptly. Patches to fix this vulnerability must be provided by the manufacturer of the device, who will be making those patches available in the coming days and weeks.
- Be cautious of entering data on any website not using HTTPS. Check for the locked padlock icon on the URL to ensure the site is secure. If the lock is not closed, then you may be using an unencrypted HTTP connection.
- Do not install unknown Apps or Apps of low reputation on your mobile devices. These can provide a path for hackers.
- Do not install computer software from unknown software providers or software that is bundled with adware.
- Use Ad-blocking technologies on your browsers to minimize the possibility of misuse of your browser.
This WPA2 KRACK attack is only known to attack the use of unencrypted application communications and cannot directly compromise the security of secure websites or secure messaging apps such as iMessage or WhatsApp, and requires close proximity to your Wireless network to leverage.
How do I know if a website is using a secure HTTPS connection?
Here are some useful links to help you understand when a website can be trusted: