News has recently hit that a severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping. It could allow an attacker within range of a wireless network to intercept communications between a vulnerable device and the access point. Researchers have said it affects affects the core WPA2 protocol itself and is effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek Linksys, and other types of devices and that attackers can exploit the flaw to decrypt a wealth of sensitive data that's normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol.
Chris Barr said, ‘It is important that customers are aware of the possibility of traffic sent over a WPA2 protected network being intercepted and viewed until the update addressing this has been installed. MS has already issued a patch, however some other manufacturers are yet to address this issue. In terms of a risk assessment; The attacker would have to be within physical range of the wireless network, unlike other vulnerabilities such as Heartbleed or Wannacry. Encrypted communications (for example HTTPS or an encrypted VPN) could not be intercepted (unless the hacker has also implemented an SSL proxy on the network to carry out a man-in-the-middle attack – and this would flag up a warning about the SSL certificate on the client). CT does not see this as a massive risk, after all, vulnerabilities such as Heartbleed could be exploited from anywhere in the world and there were no mitigating factors such as HTTPS.
If you have any concerns or questions on this security flaw, please do not hesitate to get in touch with your dedicated Account Manager at CT on 01246 266130.