burgessct - US CERT

WiFi Encryption – Does this vulnerability affect me?

Today, I wrote in Senior Online Safety about how the US Department of Homeland Security’s CERT issued a warning:

WiFi encryption compromised! Update devices now!

Is it fluff or is it real? It’s real. You should make sure to accept any security updates to the software or firmware of your routers, phones, or computers that address the vulnerability affecting the WiFi Protected Access II (WPA2) WiFi encryption protocol.

Now, what are the odds of this affecting you personally? Pretty low.

The attacker must first be in proximity to your WiFi network — What is your network’s range? If you are like me, that might be as far away as 200-300 feet … within line of sight for most of us. Now if you are a company and in an urban area, and deal with money or personal identification, you might attract the cyber criminal … but … this is not an easy vulnerability in WPA2 to exploit.

What do you do?

Here’s the advice I gave today for Senior Online Safety …

Device manufacturers will be creating software/firmware patches to address this vulnerability. When they do, they will push the security update to your devices. Install it as soon as you receive it.

The reality is that the likelihood of your home WiFi encryption being exploited today is very low, but it is not zero. The hacker must be within range of your WiFi network to attack it.

If you are in an urban area, you may be more vulnerable than those who live in a rural area, just from a physical security standpoint: a visitor to a rural farm stepping within the WiFi network footprint may be more noticeable than an individual sitting in the corner of a large coffee shop or in an adjoining building. By the way, the attacker must also have the technical acumen to pull off the man-in-the-middle attack.

In the interim, if possible, avoid relying on WPA2-encrypted WiFi by using your mobile network data connection instead. For those whose only option is the WPA2-encrypted WiFi connection, you may reduce the time available for the vulnerability to be exploited by turning your WiFi off when not in use, and only having it running when you absolutely need to transmit information.

Once you have updated your device, continue to follow our advice on the use of secure WiFi encryption.