October 18, 2017

A security researcher recently discovered a serious WiFi security weakness that could allow attackers to intercept sensitive data being transmitted while connected to Wireless Access Points from any mobile device (laptop, smartphone, tablet). Known as KRACK (Key Reinstallation AttaCK), it may allow attackers within range of a vulnerable device or access point to intercept passwords, e-mails, and other data unless it is protected by SSL. In some cases, attackers may be able to inject ransomware or other malicious content into a website a person is visiting. More information on WPA/WPA2, the security standard that protects all modern WiFi networks, and this flaw is available at What You Should Know About the ‘KRACK’ WiFi Security Weakness.

What Cedarville Information Technology is doing:
Cedarville University Information Technology will deploy Windows updates that include the security patch on Thursday afternoon to university-owned devices. Windows systems will receive the updates when they connect to the Cedarville network. Macs will receive updates when they are released by Apple.

What do you need to do?
Faculty and Staff should shut down or reboot their Cedarville desktop and laptop computers at the close of business on Friday or over the weekend. This will enable the patches deployed by Information Technology to take effect.
Everyone should update their personally-owned mobile devices that connect to WiFi (laptops, smartphones, tablets) with the latest security patches as soon as possible. Android-based devices are especially vulnerable. Additional information on affected devices is available at the Vulnerability Information Database.

Posted in: