The CERT Coordination Center (CERT/CC) released an announcement warning organizations about a widespread WPA2 protocol vulnerability. An attacker who exploits this vulnerability can access devices and WiFi access points (APs) to steal data or infect a protected network, potentially threatening healthcare network security as well.
Healthcare organizations need to advise their employees against connecting mobile devices that contain any PHI to any AP, especially public APs. The vulnerability can potentially expose PHI that is thought to be protected by security protocols.
The vulnerability consists of a weakness in the WPA2 protocol, the security protocol that protects WiFi networks. An attacker who is within range can use key reinstallation attacks (KRACKs) to exploit the weakness in the WPA2 protocol.
KRACK targets the four-way handshake that’s executed when a device accesses a WPA2-protected WiFi network. KRACK tricks a vulnerable device into reinstalling a key that’s already in use so the device appears to have the correct credentials.
This attack technique bypasses established network defenses, including encryption, and works against all modern protected WiFi networks.
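The key reinstallation described above, and the check a patched client applies, can be seen in a toy model. This is an added example, not code from CERT/CC, the researcher or any vendor. Assumptions not stated in the article: the handshake message that triggers installation is message 3, installing a key resets the per-frame nonce counter, and a SHA-256 keystream stands in for WPA2's real AES-CCMP encryption. All names and sample frames are constructed.

```python
# Toy model of a WPA2 client (supplicant); an added illustration, not real 802.11 code.
import hashlib
from collections import Counter

class Supplicant:
    def __init__(self, patched):
        self.patched = patched
        self.key = None      # installed session key (hypothetical stand-in for the PTK)
        self.pn = 0          # per-frame packet number, used as the nonce

    def on_msg3(self, key):
        """Handle handshake message 3, which tells the client to install the key."""
        if self.patched and key == self.key:
            return           # patched: key already in use, do not reinstall it
        self.key = key
        self.pn = 0          # (re)installing the key resets the nonce counter

    def send(self, plaintext):
        """Encrypt one frame; returns (nonce, ciphertext)."""
        self.pn += 1
        # Stand-in keystream (SHA-256 of key and nonce); real WPA2 uses AES-CCMP.
        stream = hashlib.sha256(self.key + self.pn.to_bytes(6, "big")).digest()
        ct = bytes(p ^ s for p, s in zip(plaintext, stream))
        return self.pn, ct

def run_session(patched):
    """Constructed scenario: message 3 arrives twice, as when message 4 is lost."""
    key = b"constructed-session-key"
    client = Supplicant(patched)
    client.on_msg3(key)
    frames = [client.send(b"frame-A"), client.send(b"frame-B")]
    client.on_msg3(key)      # retransmitted message 3 carrying the same key
    frames += [client.send(b"frame-C"), client.send(b"frame-D")]
    return frames

def reused_nonces(frames):
    """Nonces that appear more than once under the same key."""
    counts = Counter(pn for pn, _ in frames)
    return sorted(pn for pn, n in counts.items() if n > 1)

if __name__ == "__main__":
    print("unpatched:", reused_nonces(run_session(patched=False)))
    print("patched:  ", reused_nonces(run_session(patched=True)))
```

In the unpatched run the same key and nonce pair encrypts two different frames, which is the condition that breaks the encryption's guarantees; the patched client keeps its counter moving forward, which is why installing vendor updates closes the hole.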
“The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations,” vulnerability discoverer Mathy Vanhoef said in a statement. “Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected.”
“During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks,” he continued. “For more information about specific products, consult the database of CERT/CC, or contact your vendor.”
Ars Technica reported that the vulnerability is most likely to affect large corporate and government WiFi networks that accept connections from Linux and Android devices.
Healthcare organizations need to be aware of this attack and communicate with their wireless provider and wireless hardware vendors. Several wireless AP vendors already have patches available for installation.
Organizations with APs that have not been patched yet need to advise their employees to avoid using WiFi until the patches are made available.