Skip to main content

Vulnerability in Wi-Fi Connections

VUIT Security Advisory: Vulnerability in Wi-Fi connections

Vanderbilt IT would like to bring the following information to the technical community’s attention, especially those who use Wi-Fi often.

A vulnerability has been identified in all modern implementations of current wireless encryption standards (WPA and WPA2). A cyber attacker within range of a vulnerable client can exploit these weaknesses using key re-installation attacks (KRACKs) and obtain access to information that was previously assumed to be safely encrypted. As a result, cyber attackers can steal sensitive information, such as credit card numbers, passwords, chat messages, emails, and photos.

Microsoft has released patches to address this vulnerability on supported versions of Windows. Customers who have applied the Windows security updates released on Oct. 10 are not vulnerable to this attack.

If you have not applied the patch from Oct. 10, VUIT Security Operations highly recommends that you patch all supported versions of Windows. Patches for other operating systems are not yet available. Until these patches are released, use a wired internet connection instead of Wi-Fi when possible.

VUIT Security Operations is contacting security partners and vendors to provide the appropriate security controls so that VUIT can detect any attacks. If you feel that your system has been compromised, please call the help desk at (615) 343-9999 or submit a high-priority Pegasus ticket.

 

Sources and References:
https://www.krackattacks.com/
https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080