Subject: DHS warns of widespread Wi-Fi network security vulnerability

AlertsUSA Logo - Allow Images
SMS Alert Text:

DHS warns Wi-Fi WPA2 connection protocol no longer secure. Home, work and public Wi-Fi access points now vulnerable to snooping. See email for more info.

Supplemental Info:

The DHS/US Computer Emergency Readiness Team (CERT) issued a warning this morning that literally every Wi-Fi connection is potentially vulnerable to an unprecedented security flaw that can enable hackers to steal sensitive data passing over the network, including passwords, credit card numbers, chat messages, emails, photos, etc...

This "key reinstallation" vulnerability in the Wi-Fi Protected Access II (WPA2) security protocol exists on all modern protected Wi-Fi networks and devices, including Android, Apple, Linux, Windows, OpenBSD, MediaTek, Linksys, and many others.

The vulnerability exists within the Wi-Fi standard itself, and not within individual products. This means that any correct implementation of WPA2 is likely affected.

WHAT NOW ?

First, here is some general guidance that should always be followed:

1. Make sure you have a password on all personal Wi-Fi networks such as in your home or if you use your mobile device for wireless tethering.

2. Try not to connect to unsecured Wi-Fi networks such as those provided in hotels, coffee shops and other public spaces. 

3. If you frequently use unprotected Wi-Fi networks, DISABLE the AUTOCONNECT option for that pathway. 

VULNERABILITY-SPECIFIC GUIDANCE

A. Pay close attention to your email and other communications from your cable / internet service provider. Patches correcting this vulnerability have been or are in the process of being prepared by hardware manufacturers and internet service providers.

B. Update the firmware of your router(s) and all other wireless devices when security updates are made available. DO NOT IGNORE THESE UPDATES. Check who makes your router or with your internet service provider and try their website to find out how to patch it. You may also wish to proactively reach out to the respective customer service groups and inquire about patches and security updates for the "WPA2" vulnerability.

For more specific technical information about this vulnerability, see the resource links below:

DHS/CERT Vulnerability Announcement

https://www.us-cert.gov/ncas/current-activity/2017/10/16/CERTCC-Reports-WPA2-Vulnerabilities

DHS/CERT/CMU Detailed Vulnerability Note

https://www.kb.cert.org/vuls/id/228519/

Detailed Research Paper on the Vulnerability (PDF DOCUMENT)

http://papers.mathyvanhoef.com/ccs2017.pdf


Service Notes:

This email message is a component of the AlertsUSA Homeland Security Threat and Incident Notification Service for mobile devices. You have paid for this service and are encouraged to archive these messages.
Service Issues? Let Us Know
service@AlertsUSA.com

Discount Subscription Link (share w/ friends):
http://AlertsUSA.com/discount.html

Threat Journal Newsletter:
http://ThreatJournal.com

Connect With Us:
Twitter: https://twitter.com/ThreatJournal
Facebook: https://www.facebook.com/ThreatJournal

LikeTwitterPinterestGooglePlusLinkedInForward
AlertsUSA, Inc, 29488 Woodward Ave #423, Royal Oak, Michigan 48073, United States
You may unsubscribe or change your contact details at any time.

    This is an online snapshot of a newsletter created by the owner of AlertsUSA (AlertsUSA, Inc, 29488 Woodward Ave #423, 48073 Royal Oak, United States) and sent via GetResponse on 2017-10-16. Report abuse