As Fort Collins’ wireless expert, FRII urges customers to check for manufacturer updates to their wireless equipment following the discovery of a security vulnerability, which affects many modern protected Wi-Fi networks.
To protect our customers against this potential threat, FRII has upgraded all affected services We will continue to closely monitor the situation for any further developments.
This problem was originally brought to light by Belgian Academics Mathy Vanhoef and Frank Piessens of imec-DistriNet, KU Leuven discovered serious weaknesses in the encryption protocol utilized for wireless communication between devices. KU Leuven’s research revealed that its possible to intercept messages and data sent using a common protocol in modern Wi-Fi equipment and mobile phones. Before this, this protocol was thought to be secure.
Who is Affected?
As Vanhoef’s attack is not manufacturer-specific, it appears that every well-known manufacturer is affected by some variant of the attacks, including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others.
They’ve demonstrated this vulnerability in their proof-of-concept video.
"It's not a screw up where there's a missing semi-colon somewhere or a line of code that was overlooked," said Martin Hamilton, who has a background in cybersecurity and is now a futurist at Jisc, in an interview with Wired UK. "It's a fundamental problem in the design of WPA."
The attack hinges on the 4-way handshake of the WPA2 protocol, during which the attacker can trick the device into reinstalling one of the encryption keys already in use to access data transferred by the user.
What Does This Mean for Wireless Security?
However, while KU Leuven discovered a serious weakness, it’s not all doom and gloom.
“With many eyes, bugs often become much smaller or can be mitigated against much more easily,” Hamilton told Wired UK.
The WPA2 protocol’s wide use is also what allowed the flaw to be found before it was used maliciously. Early fixes of the problem have already been released by Ubiquiti Networks and Unix-based operating system OpenBSD.
Vanhoef and Piessens disclosed the WPA2 problem to vendors in July 2017 and CERT notified its 100 American organizations of the issue at the end of August.
Questions? FRII has the answers.
As a leading Fort Collins wireless internet provider, we can help answer your questions on updates needed moving forward. To learn more about our offerings and connect with your team, use the Contact Us form on our website, stop by our facility or call us at 800-935-6527.