Today CERT released an alert about vulnerabilities, which have been discovered in the protocols currently used to support WiFi. This has the ability to impact all devices that connect to a WiFi network and requires immediate action.
The threat, referred to as KRACK – a Key Reinstallation Attack – allows an attacker to decrypt the data a network user transmits through WiFi. This may allow an attacker to intercept login credentials, cookies and other sensitive information being transmitted across the network.
Advice to schools:
- Ensure all devices are patched with security updates and that automatic updates are enabled.
- Ensure that login credentials and passwords are only transmitted via secure https (Hypertext Transfer Protocol Secure) websites – visible in the top left of the URL search bar.
For more information:
- Review the CERT NZ advisories:
- Contact the N4L Helpdesk on 0800 LEARNING (532 764) or [email protected]
- Follow us on Twitter: @N4LNZ