New Wireless Security Threat

October 18, 2017

Information security researchers this week discovered a new wireless security standard vulnerability called KRACK (Key Reinstallation Attacks). This vulnerability can enable “man-in-the-middle” attacks, in which any information encrypted with WPA-2, the most common type of encryption used for wireless communications, can be exposed.

Campus is rolling out patches for HSU-managed computers and other devices. To protect your personal devices, we recommend the following:

  • Update your home router, computers, and other devices as soon as you’re notified a patch is available. Be sure to update all devices – both the access point and the computer/tablet/phone must be patched.
  • Always make sure sites you log into and that hold personally identifiable information about you are secure, ie the URL starts with https. This is especially true if you’re traveling and using a public wireless network.

You can read more about KRACK here:
Check whether your manufacturer has released an update to fix KRACK
KRACK Attack Security Flaw Puts Every WiFi Connection at Risk by NBC News
KRACK WiFi WPA2 Vulnerability by Wired Magazine
Flaw in WPA2 Protocol Leaves WiFI Traffic Open to Eavesdropping by Ars Technica

Questions?
Call the Technology Help Desk at x4357. While they can’t actually work on your personally owned devices, they can advise you what you need to do to be safe.

Announcement Approvals: