A recent article posted on InsureTrust talks about a dangerous new “KRACK Attack” and what it could mean for insurance agents. Fortunately, the exploit addressed by the article has not actually been found “in the wild,” which means that it is likely more theoretical (or at least it hasn’t been implemented in widespread use). As the article addresses, many internet of things, IoT, devices will be more vulnerable to this attack because they aren’t regularly patched. However, most IoT devices that aren’t set up for automatic updates can nevertheless have their firmware updated. We would recommend that anyone using IoT devices consult the user manuals to see how the firmware can be updated manually.
Second, and more importantly, people who are concerned about this vulnerability should remember that even if a hacker gains access to a network, much of the network traffic itself is still encrypted through protocols like SSL/TLS. In other words, always make sure that you are using the HTTPS version of a website. Most, if not all, major tech companies, like Google and Facebook, use HTTPS protocol. Also, all reputable financial institutions should be using HTTPS on the portions of their sites that allow customers to access their financial data and account information.
Your internet browser will display a small padlock next to the web browser’s address bar if you are connected to a site that uses HTTPS. You can also look directly at the web address itself to make sure that it says “http://www…” and not “http://www…” If you try to visit a website that should be using “https,” but you are redirected to the “http” version of the website, there is a chance that your device or network has been compromised. Do not login to the website you were trying to access. Have the device checked for malware and do not continue to use that network.