A WiFi security loophole has been found
My WiFi is secure because it's encrypted, or so I thought. Most modern WiFi networks are secured, we know this because we have to use a password to connect to them and we are told that the connection is encrypted.
Wrong!! A flaw was discovered this week by Mathy Vanhoef, and published here explaining the details of the vulnerability and how it could be exploited.
The weakness was discovered in the WPA2 standard itself and so can be exploited on the majority of modern WiFi networks where the client devices are running the popular Android or Linux operating systems. Microsoft released a patch on October the 10th to fix this issue in Windows operating systems (now is a good time to run your windows updates please everyone).
The attacker set's up a cloned identical WiFi network including an SSL strip tool that de-crypts information transmitted in a secure web browser using HTTPS. With that, the 'man-in-the-middle' attack is ready to harvest your sensitive information.
What can you do to prevent this?
Now is the time to update the firmware on your WiFi access point or router. Don't delay, check on the manufacturers website or cloud management portal to see if an update is available.
If you need assistance with the update or are not sure how to check the firmware, please contact us at Cactus IT and we will be happy to help.