On October 16, 2017, researchers at the University of Leuven released a report regarding vulnerabilities in wireless networking standards: WPA and WPA2. These are the IT industries primary standards and methods for wireless (WiFI) networking communications.
This vulnerability affects a wide range of devices including those running operating systems from Android, Apple, Linux, OpenBSD and Windows.
“Depending on the network configuration, it is also possible to inject and manipulate data,” the researchers continued. “For example, an attacker might be able to inject ransomware or other malware into websites. The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected.”
This vulnerability cannot be exploited remotely. An attacker would need to be in close proximity to the hardware device and the Access Point.
The resolution consists of the creation of software/firmware updates, by hardware manufacturers, for their wireless equipment.
If you are a TCE Company managed services customer, updating of network equipment is included in your MSP agreement, we are already reviewing your environment, and will be reaching out to schedule updates if necessary.