A widespread WiFi vulnerability was revealed on Monday that affects nearly every desktop and mobile device, as well as IoT devices and routers.
According to researcher Mathy Vanhoef,
"This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."
The attack exploits a flaw in the WPA2 security protocol and can "trick" a user into reinstalling an already "in-use" security key.
The US Computer Emergency Response Team posted the full technical details of the hack.
Although many websites are reporting that wifi is broken beyond repair, the scripts to exploit the vulnerability are not yet believed to be in the wild, and most vendors have already released patches.
As usual, you will need to update your devices and install security patches and hotfixes as soon as they are available. Many vendors have already released patches. A current list can be found here, but be sure to check with your vendors.
If you need assistance, we're happy to point you in the right direction. Simply click the link below to contact one of our infrastructure consultants.