[IGPP Everyone] [EPSS Everyone] New Wifi Vulnerability

SALYARDS, STEPHEN salyards at epss.ucla.edu
Wed Oct 18 13:22:02 PDT 2017 

Greetings,
  You may have heard about a recently discovered vulnerability in the Wifi systems most of us use on our phones, tablets and laptops. It goes by the creative acronym KRACK and allows someone to force an encryption reset of your signal so they can steal the encryption key and therefore decrypt your communications.

That is a one-line description. If you want more details there is a website devoted to it which begins with some fairly detailed technical info, but jump down a ways and the Q and A section addresses most of what you are probably wondering in readable detail
https://www.krackattacks.com/

Some important points to know

*         This is a vulnerability in the WPA1 and WPA2 encryption system so virtually all wifi systems that use these encryption methods should be considered vulnerable at this time. This includes our eduroam network as well as any legacy earthandspace wifi signals. Since phys-sci open is not encrypted it is not affected but remember that it is an open signal.

*         The vulnerability is with the wifi encryption only, so if you use https, SSL or TSL on email, and ssh that all provides another layer of encryption which is not affected by this. The same applies if you are running a VPN on your device.

*         If you use your phone when a wifi signal is present you might want to turn that off as the phone's data signal over the phone connection is not vulnerable to this.

*         There is a fix that vendors will need to roll out that can resolve this problem by patching only one end of the connection and not both.

There is a lot more about this but these are the most important points. Keep an eye out for patches from your manufacturer that will fix this problem.

As always, if you have questions, please let me know.

Take care
Steve Salyards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igpp.ucla.edu/pipermail/everyone/attachments/20171018/427651ea/attachment.html>
-------------- next part --------------
_______________________________________________
Everyone mailing list
Everyone at dept.epss.ucla.edu
http://dept.ess.ucla.edu/mailman/listinfo/everyone

More information about the Everyone mailing list