Cybersecurity researchers identified a serious flaw in the WPA2 security standard that protects most modern WiFi networks. The flaw allows bad actors to break the security model and steal data passing between your devices and the vulnerable wireless network. Because the flaw is in the standard itself and not in a particular model or type of wireless networking device, the vulnerability affects computing, networking, and IoT devices that have WiFi capability.
Risk Profile
The risk profile of this vulnerability is low for three reasons:
- Any hacker would have to be within the range of the wireless network you are connected to, which limits the scale of exploitation.
- Researchers notified device manufacturers several weeks before publishing their findings, giving manufacturers time to develop patches.
- If the information you are sending across the network is encrypted using HTTPS, as most modern web traffic is, the hacker cannot decrypt the data they intercept.
However, we can be sure cyber attackers are actively building tools that will enable exploiting this flaw more effectively and at scale. Please follow the recommendations below to ensure you are protected.
What Should You Do?
- Update all computing devices with the latest security and OS patches
- Update all WiFi networking equipment and WiFi connected IoT device firmware
- Separate your organization’s wireless network from the wired network until wireless networking equipment is patched
