Wireless Vulnerability

Oct 18 2017

Summary:
A serious flaw was discovered in WPA2 protocol that allows individuals to perform man-in-the-middle attacks on WPA2 enabled wireless networks.
 
What does it mean?
Wi-Fi Protected Access II (WPA2) is a modern and widely used security protocol to protect and secure wireless networks.  Earlier this week, a group of researchers have disclosed a major security flaw of the WPA2 protocol known as called KRACK (Key Reinstallation Attack). With this vulnerability, attackers within the wireless range of vulnerable devices are able to decrypt wireless traffic, such as non-encrypted browsing and email content, and to inject malicious content into the network.
 

How does it work?
For technical information, visit:  https://www.krackattacks.com/
or https://papers.mathyvanhoef.com/ccs2017.pdf
 
What is affected?
All wireless devices are potentially vulnerable to this attack.
 
What is our status?
Our wireless vendor, Fortinet, has released a PSIRT Advisory of this attack on their web sitehttp://fortiguard.com/psirt/FG-IR-17-196.  The University Wireless Infrastructure is not vulnerable to this attack at present time.  We will will work closely with the vendor to apply all necessary patches once they are available and relevant to our deployment.
 
What should you do?
It is recommended that all users patch / update their wireless devices, including but not limited to Windows, OSX, Linux, Android, and iOS, as soon as updates are available from the respective vendors.

information security