17 Oct 2017
Dear Clients,
I write to alert you that there is a new cyber attack against the password setting in the Wi-Fi protected Access 2 which we normally called WPA2.
WPA2 standard was available since 2004 and it is the recommended setup for secured password control of wireless area network everywhere. It is a relatively secure setting for Wi-Fi and is widely adopted.
Over the weekend, a vulnerability was discovered called KRACK (which stands for Key Reinstallation Attack) which targets the handshaking process between a user's device trying to connect the Wi-Fi network. It allows an attacker unauthorized access to the network without the password and open up the possibility of exposing ALL your personal information on YOUR DEVICEs.
The terrifying part is that any implementation of a WPA2 network is affected by this and it is not the access point that's vulnerable. Instead it targets the devices you use to connect to the wireless network. That means your mobile phone, iPad etc. in all sorts of operating systems such as Android, IOS etc. are affected.
The only solution for now is keep monitoring and do not connect to unknown Wi-Fi such as those in the cafe because it takes time for the vendors of both Access points and personal devices to launch their patching software. You should closely observe your device's manufacturers (such as iPhone from APPLE) to see if they have any new updates on their operating systems, if so, please update your device's OS immediately.
Thank you for your attention.
Alan Young
Caritas Information Technology Advancement Centre |
|
