The more techy of you may already be aware of a security vulnerability uncovered in the WPA WiFi protocol. The vulnerability is called KRACK. Unlike most security flaws, this is not a “hole” in a specific implementation of a communications protocol; it’s actually a flaw in the design of the protocol, which allows someone with the time and motivation to figure out the keys and access the network, and then proceed to try to read all the data on the network and to penetrate any device connected to that network. It’s going to cause quite a panic and it’s not going to be an easy one to fix.
There was already a high level of concern about the security of IoT (internet of things) technologies. Many have been rushed to market with security as an afterthought, and there are countless stories of “smart” plugs, “smart” door locks etc., which aren’t that smart after all and can be easily hijacked.
Kraydel is an IoT device in many respects and we’ve been aware from the start of the need to take security very seriously indeed. Information about people’s health, daily lives, whereabouts etc. needs to be protected, for two reasons: firstly, bad people can make use of it for bad purposes, but secondly, your health data is yours – it shouldn’t be accessible to anyone else unless you gave your permission (and you would only do that if there was some benefit to you). That may seem obvious but it’s not how your data has been treated by many health providers in the past. I have relatively recent memories of my GP referring me to a consultant, and being sent along with a sealed envelope to hand over, and sitting while the consultant read the contents while occasionally glancing up at me across their desk. Very unnerving. I think most of us are now rightly offended at the idea that those who provide our care (paid for by us one way or another) have secret knowledge about us and our condition, and conversely that this knowledge might not actually be kept secret from those who might wish to use it for their own purposes at no benefit to us at all.
The good news from a security point of view is that WiFi is only the “bearer” of the communication and, as long as the data being transported is itself encrypted, hacking a WiFi connection doesn’t in itself compromise the system or the data. Kraydel encrypts all the data in transit using standards that are still regarded as highly secure, so even if we’re using a local WiFi network to connect to our cloud platform, the data in transit is as opaque as sealed envelopes in the post: you can see that there is something being sent, but you can’t tell what it is.
But to conclude – if you manage your own WiFi network router, be sure to look for the firmware updates which plug this hole – it’s a big one.