What’s happened
A researcher has found a way to compromise the most common Wi-Fi security standard which allows an attacker to look at traffic on the network, and in some cases, manipulate the data.
What’s affected
Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks
The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available.
In general, any data or information that the victim transmits over Wi-Fi can be decrypted.
What are we going to do
Resolving the security problem is likely to involve applying security update to routers. Consider IT will actively manage and maintain the security of your network as and when a patch becomes available.
In the meantime, it comes down to risk management. Do you want us to disable Wi-Fi company-wide? Do you want to continue using Wi-Fi for the foreseeable.
On the basis that users on Wi-Fi stay vigilant for websites that should be over HTTPS (the green padlock), our risk analysis shows that this is a moderate to severe risk. The likelihood of being attacked is low.
Our recommendation is to stay alert to your browsing habits. Make sure that where possible the device has Wi-Fi disabled and is cabled in. Should a website you expect to operate over a secure connection (HTTPS green padlock) fails to load or doesn’t establish that secure connection, the user raises it as a priority.
More Details
Computer security expert from the University of Surrey Prof Alan Woodward said: “This is a flaw in the standard, so potentially there is a high risk to every single wi-fi connection out there, corporate and domestic.
“The risk will depend on a number of factors including the time it takes to launch an attack and whether you need to be connected to the network to launch one, but the paper suggests that an attack is relatively easy to launch.
“It will leave the majority of wi-fi connections at risk until vendors of routers can issue patches.”
Dr Steven Murdoch from University College, London said there were two mitigating factors to what he agreed was a “huge vulnerability”.
“The attacker has to be physically nearby and if there is encryption on the web browser, it is harder to exploit.”
