Search Results

Share Article:

Facebook Twitter Linkedin Mail

Security notification: KRACK

Cyber Security

Posted on October 17, 2017

3 min read

At Telstra we take protecting the privacy and security of our customers and network seriously which is why we’re letting our customers know about a new security vulnerability that we have been made aware of, that could compromise users of modern protected WiFi networks.

The vulnerability, uncovered by university researchers, is named KRACK and it reduces the level of security encryption on a WiFi network. It has the potential to impact enterprise products and consumer devices which connect to WiFi such as mobile phones.
KRACK could be used by someone with ill intent to monitor WiFi surfing sessions and steal a user’s sensitive information or direct the user to phishing and malware pages.
While KRACK is notable, the WiFi Alliance has indicated that there is no evidence that the vulnerability has been exploited maliciously. Furthermore, many security experts agree that there is a reduced likelihood that criminals will exploit it as KRACK requires attackers to be physically located in the same spot as the WiFi network they wish to target. Moreover, many criminals would likely opt for traditional simple attacks like phishing which are effective, scalable, and allow targeting of victims from across the world. This has not been tested by Telstra.
Whilst this may be the case, we still recommend you take steps to protect yourself and your devices.

Help protect yourself now

To help protect yourself against KRACK, we recommend all customers exercise good WiFi security practices. While there is currently no guaranteed defence against KRACK, these measures will reduce your exposure and should be used when connected to any public WiFi.
1. Avoid conducting sensitive transactions like internet banking on public WiFi. Use your mobile data instead.
2. When using WiFi networks check that the sites you visit use HTTPS. Depending on your web browser, you can tell HTTPS is in use by looking to the left of the website address bar for the prefix HTTPS (as opposed to HTTP), a closed lock, or the words ‘Secure’.
3. Avoid open, password-free public WiFi networks such as those at airports. We recommend using the Telstra Air app when connecting to Telstra Air as the app helps protect you from accidentally connecting to a hotspot that is pretending to be part of the Telstra Air Network to unlawfully access your information.
WiFi users should be mindful of web browser warnings such as “your connection is not private” in Google Chrome, “this site is not secure” in Internet Explorer, and “your connection is not secure” in Mozilla Firefox. These warnings may indicate an attacker is attempting an attack which could send users to phishing or malware pages.

Patching: proper protection long-term

Proper protection against KRACK requires technology companies to issue patches in order to safeguard users of their products from this attack.
Microsoft has already issued patches for Windows 8 and Windows 10, and if you use this operating system you should apply the latest updates. Google is creating a patch for its Android operating system. Apple has already developed a patch that it says will be deployed to supported devices soon.

What we’re doing

Telstra is working rapidly with our modem suppliers to determine if any devices are vulnerable. If we determine there is an issue with a specific modem or Wi-Fi device then this can be resolved through software updates; Telstra will first determine which devices could be affected and then where possible update the device remotely to fix the security vulnerability.

Tags:

A new view on communications

Lost and found

Understanding broadband speeds on fixed networks

Cyber Security: Our 24 hour challenge to students isn’t a game

featured Cyber Security

Posted on July 13, 2017

1 min read

 The 2017 Cyber Security Challenge prize-giving has wrapped up with one lucky team (UNSW team 1) heading off to Las Vegas for the globally renowned DEF CON conference.

The Cyber Security Challenge is a 24-hr ‘hacking’ competition where 310 students from 26 university and TAFE students used their offensive and defensive hacking skills to break into a digital system. The theme for this year’s challenge was the Internet of Things (IoT) where virtualised devices were used to access and override sensitive information.

The challenge was designed to see if the students can do what a hacker would do, by identifying and exploiting vulnerabilities inside a digital system.

The Challenge was run by the Australian Government and supported by Telstra, other companies and industry bodies.

We’ve written about the cyber security risks with IoT devices before and continue to take cyber security incredibly seriously for both our customers and our wider business.

Cyber Security Challenge Australia

Find out more about Cyber Security Challenge Australia and encourage interested students from anywhere in Australia, particularly women and first year students, to form teams and get involved in 2018. For more information, contact cyberchallenge@pmc.gov.au

Be careful out there

One starry, starry night…

ISP blocking - our evaluation report

Cyber security: Towards greater collaboration

Cyber Security

Posted on February 24, 2017

2 min read

Today marks the launch of the government’s inaugural Joint Cyber Security Centre, an initiative identified in Australia’s National Cyber Security Strategy.

This private-public intel-sharing centre is designed to co-locate government, business and academic cyber experts to facilitate working together, the sharing of information and the development of new approaches to cyber security.

The launch of Australia’s Cyber Security Strategy in April 2016 by Prime Minister Malcolm Turnbull was a significant achievement. A key theme throughout the strategy was the need for the government and businesses to work together in partnership to drive strong cyber security and ensure our ongoing growth and prosperity in a global economy.

That need is becoming more pressing. New threats and attacks are being seen on an almost daily basis now and the cyber security industry needs to be working together to share and innovate in ways that protect our community.  We have some fantastic Cyber Security capability in Australia – if we can bring together that knowledge, expertise and talent it will have a noticeable impact on our capacity to deal with the threat.

At the same time we need to be finding better ways to share data and intelligence in near real time.  We see this happen well in industry sectors (the finance industry is traditionally very good in this area) but we need to extend that across all parts of government and industry.

There is a therefore tangible need and appetite for the government and businesses to work more closely and share threat information in a timely and actionable way and we welcome the establishment of the first Joint Cyber Security Centre, located in Brisbane, as a strong step towards greater collaboration between businesses and government.

Telstra, as operator of Australia’s largest telecommunications network, understands that the internet and connectivity are fundamental to the lives of all Australians and the ongoing prosperity of our economy, and strong cyber security capabilities to protect this connectivity are critical.

We are excited about the opportunity the Joint Cyber Security Centre presents to share expertise with other big industry partners and government, and are looking forward to contributing to initiatives through the centre that will make a real difference to the online safety of Australians, proactively strengthen Australia’s cyber defences and make Australia a safe place to do business online.

Life without it…

Ransom-Ware-Sophos-blog-header

It’s a scammy scammy world

Online safety is not as interesting as the MX, but both are important to me