Cliniko, KRACK and WPA2

A serious weaknesses in WPA2 (a protocol that secures all modern protected Wi-Fi networks) has been discovered. An attacker within range of a victim can exploit this using key reinstallation attacks (KRACKs).

Attackers can use this attack technique to read information sent over WiFi that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and more. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

Websites and web applications with properly secured SSL certificates are still protected as they provide their own encryption and do not rely on the security of WPA2. Cliniko has SSL properly configured and is not vulnerable even over WPA2 Wifi. It is important to note that not all SSL/HTTPS sites are completely secured from this.

Aside from Cliniko, we understand it’s possible you do other things on the internet too. What can you do to stay safe? Since it’s not actually the WPA2 protocol that will be fixed, you’ll need to get updates on your own devices (e.g. your phones, tablets and computers). As patches (security updates) are made available for Android, iOS, Windows, macOS, Linux, etc., install them as soon as you can. You should be prompted for them on most devices.

It you have any questions, please let us know.

More detailed information on the vulnerability can be found at https://www.krackattacks.com/