PSA Security Breach Announcement for ALL Wi-Fi! Please Read!
From WordFence Security dated October 16, 2017
Severe Vulnerability in All Wi-Fi Devices
This is a public service announcement (PSA) from the Wordfence team regarding a security issue that has a wide impact.
Today is being called “Black Monday” in many information security circles. We have had a major Wi-Fi vulnerability announced that affects absolutely every device that supports Wi-Fi. The vulnerability allows attackers to decrypt WPA2 connections [the Wi-Fi standard for all devices].
A second vulnerability also emerged today [about which the explanation is too technical to share here].
The Wi-Fi vulnerability is being called “KRACK”, which is short for Key Reinstallation Attacks.
Researchers at KU Leuven, a university in Flanders in Belgium, have discovered a way for an attacker to read sensitive information that is sent over a Wi-Fi network using WPA2.
Attackers can use this to steal sensitive information like credit card numbers, passwords, chat messages, emails, photos and more. The attack works against all modern protected Wi-Fi networks.
It may also be possible for an attacker to inject malicious information into the Wi-Fi network. This could include ransomware and malware.
The vulnerability is in the Wi-Fi standard itself, and not in individual products…
If your device supports Wi-Fi, it is likely affected [exposed] by this vulnerability.
What To Do?
The good news is that this vulnerability does not require you to replace any hardware. It is fixable through a software update.
The devices and hardware you will need to update, once patches are released, include the following:
- Desktop workstations
- Mobile phones
- Tablets and e-readers that use Wi-Fi
- Home and office routers
- Home devices like NEST, Amazon Echo and Google Home
- Printers, both home and office, that use Wi-Fi
- Any other device that uses Wi-Fi
Your desktop, mobile and tablet devices will prompt you when an important security update is available. Many may update automatically.
Most devices also provide an option to manually check for updates. We recommend you do that periodically this week so that you catch any updates as soon as they are released.
For routers, printers and other “Internet of things” devices, you may have to sign into the device to manually update the device “firmware.”
For routers, you can contact your Internet service provider for help if you are unsure how to update. You may need to consult the manual of other devices or do a Google search to learn if they are affected.