Researchers have identified a flaw in the security protocol that protects nearly all Wi-Fi networks, which could compromise almost all wireless-enabled devices.
Wi-Fi Protected Access II — which secures all modern Wi-Fi connections — can be manipulated such that when an attacker is within range of a victim, they can exploit these weaknesses using key reinstallation attacks, which may involve installing malware or ransomware on a device. The vulnerability was discovered by security researcher Mathy Vanhoef, PhD, a postdoc at KU Leuven in Belgium.
The Department of Homeland Security issued a vulnerability note Oct. 16 and listed all affected Wi-Fi network vendors.
In a blog post detailing the vulnerability, Dr. Vanhoef wrote any device that connects to Wi-Fi is at risk for this type of attack. For hospitals, they can be a big issue.
"Many medical device vendors rely on the security of the hospital network, a user is cellular network, or a networking protocol like Wi-Fi or Bluetooth to ensure their products are not hacked. But, protocol-level vulnerabilities like this demonstrate that manufacturers of life-saving connected medical devices need security features built deep into their software to ensure vulnerabilities like these don't put patients' data or lives at risk," Mike Kijewski, CEO and co-founder of a medical device security company, MedCrypt, told Becker's Hospital Review.
Dr. Vanhoef recommends users ensure all their devices, including their router's firmware, are up to date. Additionally, while changing Wi-Fi passwords may not prevent or mitigate the threat of this attack, it is always a good idea to do so.
More articles on cybersecurity:
Supreme Court to hear Microsoft data privacy case
Microsoft: North Korea to blame for WannaCry attacks
Missouri clinic pays ransom, notifies 1.6k patients of cyberattack