Today is BLACK MONDAY: WiFi is No Longer Secure”
Today is being called “Black Monday” in many information security circles. We have had a major Wi-Fi vulnerability announced that affects absolutely every device that supports Wi-Fi. The vulnerability allows attackers to decrypt WPA2 connections. A second vulnerability has also emerged today. This is a bad day for security.
There is a lot of very technical information, which most of you won’t understand, but if you techies want to read the full article, WordFence wrote it much better than I ever could. You can catch that post here: WORDFENCE WPA2 ENCRYPTION CRACKED!
Just to show you how quickly a hacker can now get onto a wifi network, and get passwords, and much, much more, I’ll add the Video here so you don’t have to click to watch the video.
I will follow up this post, as soon as I learn how to secure wifi again. As it is, everyone is using WPA2, it was supposed to be the unbreakable security method. But I’m sure they will tell us quickly how to block these kind of attacks, and I will pass it on to you as soon as I find out myself. (because information should be shared)
And here is a list I found of a guy who monitoring, and manually updating a list of updated devices. I don’t know how complete it is, but thought I’d share it with you: https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it
Update: Windows devices were patched on or after October 10th, 2017. If you got the following patch, your windows computer is safe to connect to wifi networks. (although the network itself could have been hacked through some other unpatched android or iOS device. The hack needs a unpatched client device to “handshake” and gain network access, one they have it, they are on the network) That only means that no one will gain access to the network ‘from’ your device, not that they won’t get access. If you have a good firewall and proper security settings on your laptop, you may be ok. The post from Microsoft is here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080