Wi-Fi networks have a major issue released this week. Specifically around secure Wi-Fi connections using WPA2 security.
WPA2 has a security flaw that puts almost every Wi-Fi device at risk of hijack, eavesdropping. We are in the process of reviewing and scheduling required firmware updates for access points. But all Wi-Fi devices will be effected by this one not just access points. So phones, tablets, laptops, desktops, etc.
Here’s an official website giving some technical details about the issue. krackattacks.com
What’s interesting is their demo video about 3:45 into the video, they show you how they can capture your password with this hack. They used an Android device in this demo to attach to a WPA2 n Wi-Fi network. Which BTW is a very common thing this day. Android attacks seem to be the easiest to attack right now but ALL devices will be effected by this find!
OK so all this tech stuff what does this mean for a clinic or hospital? All devices that are Wi-Fi connected or will need to be patched at some point. You should be able to obtain a patch by the manufacture of the device unless they no longer support the device (Very Old). In that case it will be time to retire the device and get something more secure.
We recommend focusing on your Wireless Access Points as a good starting point to check and assure gets updated to start. Then start to focus on devices that attach to the network like phones, tablets, laptops, desktops, etc and assure they get patched. Many manufactures don’t even have a patch at the time of this writing 10/16/2017 6:35pm MST as it will take some time for them to issue a fix. And again some won’t even issue a patch if it is old.
We are waiting for our firewall partner Sophos to release firmware that will address this issue this week. Once it is released we will start to roll this out to assist with protection from the access point end. This way at least the devices that controls the connections can’t be hacked. But the other end will still need to patch (i.e. the device using the access point) to really protect.
Should you need assistance with identifying if a patch is available for your access point or other Wi-Fi technology, we would to help. Just use the “Contact” Link at the top of this page and we will be happy to assist you identify and remediation of this security issue. 303-520-3733 is our main line.
10/17/2017 – Update. We learned today that Microsoft released a fix to this issue last Tuesday, October 10th via their monthly patch cycle. Please assure you have this latest patch released installed on any wireless capable and enabled Windows machine. This patch was released in a cumulative update that included 25 other updates. We highly encourage you to assure you have this latest patch deployed to all Windows machine as soon as possible