Be aware of KRACK flaw affecting WiFi devices

Devices that use WiFi are vulnerable to a newly discovered and serious flaw, dubbed KRACK, in a commonly used wireless security protocol, WPA2.

Even on correctly configured wireless networks, attackers can potentially use KRACK — short for Key Reinstallation Attack — to read information that was previously assumed to be safely secured. WiFi access points as well as devices are impacted by this significant weakening of these wireless security protections.

How it works 
Devices can be tricked into installing an encryption key that allows for some or all wirelessly transmitted data to be read.

What to do 

  • Limit any potentially sensitive activities performed on wireless networks, or utilize the UAB VPN as a way to protect communications when on wireless at UAB or at home. 
  • Use wired networks if possible.
  • Update all wireless devices to address the vulnerability. This will depend on vendors creating and releasing the updates for various devices, including routers and access points as well as phones, tablets and laptops.
  • Ensure any activities on that must be performed on wireless networks are done via secure channels (HTTPS websites, SSH, S-FTP). Avoid unencrypted channels such as HTTP websites, Telnet, FTP.
  • Watch for suspicious individuals in a close proximity to your wireless network.