Alert: KRACK Vulnerability

A vulnerability named “KRACK” was made public earlier this week that could potentially affect many wireless users. KRACK, which stands for Key Reinstallation Attack, is a flaw in the way the Wi-Fi Protected Access II (“WPA2”) operates. WPA2 is a widely used security protocol that is designed to protect wireless communications. When a user first attempts to connect to a wireless network, a handshake occurs where a password is exchanged for permission to connect. According to the researcher who discovered the vulnerability, malicious agents can utilize the flaw to potentially hijack connections and eavesdrop on the connections between the devices. However, there have been no reports about this vulnerability being utilized by hackers.

What is Information Technology Services doing for this?
Luckily, the United States Computer Emergency Readiness Team (“US-CERT”) has known about the vulnerability for quite some time, which has allowed vendors to prepare patches before the vulnerability was made public. Many vendors have begun to release patches, including Microsoft Windows, who released a fix on October 10th. While newer versions of iOS are considered unaffected, Apple is working on rolling out a software update for macOS, watchOS and tvOS in a few weeks. Android devices are particularly vulnerable and many phone makers are still developing patches with release dates not yet identified.

Information Technology Services will continue to deploy patches and updates to vulnerable devices as they become available. As always, we encourage our users to have automatic updates enabled to ensure patches are installed in a timely manner. If you need assistance, installing updates on your Northeastern devices, please reach out the ITS Service Desk at 617.373.4357.

How can I protect myself off campus?

While many vendors are working diligently to provide patches, it is ultimately the responsibility of the user to install the available updates. Make sure to check for updates on anything that connects to a wireless network, including thermostats, refrigerators and security cameras. Ensuring automatic updates are enabled on all your devices will make sure you receive patches as soon as they are available.

This entry was posted in Uncategorized. Bookmark the permalink. Both comments and trackbacks are currently closed.