Global Wi-Fi Flaw: What the ISU Community Needs To Know


If you read any tech websites besides Android Police, you may have already heard about 'KRACK.' That's the name for a serious security vulnerability that affects virtually every device supporting Wi-Fi connections - including Android.

A newly discovered flaw in the widely used Wi-Fi encryption protocol could leave millions of users vulnerable to attacks, prompting warnings Monday from the United States government and security researchers worldwide.

Security researcher Mathy Vanhoef at KU Leuven discovered a critical vulnerability in WPA2, which was published earlier today. The attack method works against all modern protected Wi-Fi networks, the researchers said. "This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on".

As for Android devices, Google says that anything running the November 6 2017 security patch level will be protected. Any user of equipment using Wi-Fi should ensure that it is updated correctly and often, which should resolve the issue. This allows the hacker to see most internet traffic, except data sent over HTTPS.

"For most people, just making sure you patch your devices when you can is probably the right answer", says Nikita Borisov, a professor at the University of IL at Urbana-Champaign known for his role in finding security flaws in earlier Wi-Fi systems.

Here's an overview of what to know about the vulnerability, and how you can protect your devices.

"Given the complexity of updating smart devices such as mobile phones, CERT NZ also strongly recommends disabling Wi-Fi when it isn't required", it said in its advisory. ISU's Wi-Fi network is up to date eliminating the risk while on the campus Wi-Fi. But the list of affected products could be a long one: The flaw affects a WiFi encryption protocol known as WPA2 that has been standard since the mid-2000s, leaving consumers on the hook to seek out and install software updates.

"That's my guess-that if somebody uses this it'll be a TJ Maxx kind of thing, not somebody coming after your home router", he says.

Some operating systems are worse affected than others, however.