Earlier today an announcement was made of a serious security vulnerability in a protocol that encrypts almost all WiFi traffic today. An attack against this vulnerability exposes all encrypted wireless traffic for an attacker to read, record, or possibly manipulate. The vulnerability exists on all unpatched platforms and wireless access points, although testing by the people who discovered this vulnerability shows that Android phones and Linux and BSD computers are the easiest for hackers to exploit.

To exploit this vulnerability, a hacker needs only to be within receiving range of the unpatched WiFi device. This means that exploits pose the biggest threat to large institutions with wireless networks, and to people living in apartments using WiFi on their internet routers. Some security experts advise that until your devices are patched, you disable or stay off WiFi networks; however, we realize that this advice may be impractical in many cases. Until your own mobile device and access points are patched, consider staying off at least public WiFi networks. And until your devices are patched, consider encrypting your WiFi traffic by additional means and protocols: e.g., https, vpn, and ssh.

And in any case, you should apply security patches to all your devices as soon as they become available.  Given the severity of this vulnerability, vendors are working to quickly release patches for it.

Written by CNS OIT staff
Questions or comments? The best and easiest way to contact us is via the CNS Help Desk form.