A new and serious flaw with wireless networking was announced this morning. We are waiting for companies to provide patches to fix the security risk, and will update the wifi system as soon as they are available. Once the network has been patched, we will send out an email to let everyone know.
What is it? – A flaw in the implementation of WPA2 security (currently the most secure and widely used wifi security) allows an attacker to set up a fake wifi network with the same name as a real wifi network, force your device to connect to the fake network, and they can then capture some or all of the traffic going to and from your device.
Which devices are affected? – Any device that uses wifi can fall victim to this attack. Linux and Android-based devices are especially vulnerable due to their network programming implementation.
How can I protect myself? – In the coming days, most device manufacturers will be releasing updates to fix this flaw. Please update any device you have that uses Wifi connections.
It is recommended that Android devices turn off Wifi and rely on cellular data until the device is updated with a fix.
In the meantime, communications that use encryption will not be readable to an attacker in the event you get attached to a fake network. These encrypted communications include:
- HTTPS websites (banks, credit card companies, major shopping sites like Amazon, etc.) – Look for the lock icon in the address bar of the web browser
- Secure email (Office 365, Gmail)
- Cloud-based file storage (Box, Dropbox, ShareFile, etc.)
- VPN connections (except PPTP VPN)