Security Article

Vulnerability in WiFi Security

On October 16, 2017, security researchers disclosed a flaw in the WPA2 protocol used to secure wireless communications [1]. More details below:

Impact:

Any product that communicates over WiFi and uses WPA2 to encrypt that traffic is vulnerable. This includes nearly all mobile devices, computers, connected home devices, and wireless access points and routers. Communications between vulnerable devices could be decrypted and hijacked.

Platforms Affected:

All operating systems for clients and access points are affected. If you have a device which uses WiFi, it likely needs to be patched.

Recommendations:

Install operating system patches and firmware updates as soon as they're available to any wireless device. Firmware updates are usually manual and may not be provided for all devices. Because so many devices are impacted, it is not possible list here all patches available. A couple web sites are tracking that information, links are provided below [2][3].

Workarounds:

Use the University of Miami's Pulse Secure VPN when communicating with a vulnerable or untrusted wireless device. This is good practice for any public, unsecured WiFi.


References and Further Reading: