A recently discovered vulnerability in a common Wi-Fi security protocol could put students at the University of Connecticut at risk, according to an email sent to the university IT community by Wireless Service Manager Vlad Fatu.
“A recent Key Reinstallation Attack (KRACK) breaks the handshake that encrypts the [Wi-Fi] connection,” Fatu wrote. “This new vulnerability affects the university wireless network and targets the devices that use it.”
Fatu said the KRACK vulnerability could be dangerous because it allows third parties to intercept encrypted web traffic.
“When the KRACK vulnerabilities are exploited, the level of data security is roughly equivalent to that of an open hotspot,” Fatu said in a separate email. “Some individuals may worry about using open hotspots and utilize additional security measures, some may not.”
Even though this vulnerability presents a theoretical concern, Fatu said it’s not necessarily an imminent danger.
“There have been no reports yet of this vulnerability being actively exploited and you are safe if your connection has other protection, such as HTTPS or encrypted VPN,” he wrote in the email to university IT.
Fatu said students can take steps to protect themselves from having their wireless communications intercepted.
“The best course of action to address KRACK and security vulnerabilities generally is to keep devices updated with the latest OS vendor patches,” Fatu said.
Fatu said of the ten security vulnerabilities collectively referred to as KRACK, only one affects the access points of UConn’s Wi-Fi.
“That vulnerability only exists when a certain feature is enabled,” Fatu said. “UConn [Wi-Fi access points] do not utilize services which require the feature to be enabled.”
Fatu said more fixes for the vulnerability are expected.
“Wireless is a pervasive technology, and vendors are expected to quickly produce patches for supported equipment.”
Charlie Smart is a campus correspondent for The Daily Campus. He can be reached via email at firstname.lastname@example.org.