As revealed on October 16, 2017, at https://www.krackattacks.com, security researcher Mathy Vanhoef has discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim could exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers could use this novel attack technique to read information that was previously assumed to be safely encrypted. This could be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. At the time, it was known that the attack worked against all modern protected Wi-Fi networks. Depending on the network configuration, it may also be possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

The weaknesses were in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 was likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it was most likely affected. During the initial research, the researchers discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.

Since October 16, 2017, many vendors and manufacturers have released updates to their software and/or hardware to patch these security weaknesses. Please keep all your systems patched frequently with security updates issued by the manufacturer, so that when they do provide important updates, your systems will receive them immediately.

At Texas Tech University, the Telecommunications and Enterprise IT Security teams are aware of and addressing any vulnerabilities that may exist.