This week, a vulnerability in many WiFi networks was discovered; it's called KRACK (Key Reinstallation Attack). KRACK is a flaw in the WPA2 protocol, which is the current best practice standard for securing WiFi connections. If someone exploited the KRACK vulnerability, they could gain access to any personal information that you share online.
While the University infrastructure is protected against KRACK, client devices may be vulnerable if they are operating on outdated software. However, you don't need to unplug your computer and go off the grid to stay safe. You can easily mitigate the KRACK risk by following these steps:
Update your devices:
Vendors were informed about the KRACK vulnerability in summer 2017, and they are working on security updates. The most proactive step you can take regarding KRACK is to update your devices. Take advantage of that top-notch security by ensuring your phone, tablet and computer are all operating on the most up-to-date software available, and regularly check for future updates.
You can check when your vendor upgraded their software with CERT's Vulnerability Notes Database. The list is organized by date of patch; to find your vendor, press control+F and search their name.
Secure your home WiFi:
To ensure your home WiFi network is secure, update your Internet modem or wireless access point to the latest software and firmware, along with all your home devices. Instructions will vary depending on your hardware, so if you're unsure how to perform an update, call your Internet service provider for assistance.
Always check for HTTPS:
The "s" at the end of https stands for "secure." Before you share any personal information online, including login and password information, make sure the website you're on begins with https. Take it a step further by downloading the IST-recommended extension HTTPS Everywhere.
When it comes to building cybersecurity, people are our most valuable tool. Staying vigilant and informed doesn't just protect you from risk: it protects the entire University community. To find out more about KRACK, visit KRACK WiFi Vulnerability: What You Need to Know on the CISO website.