Posted on: October 16, 2017
Background: On October 16, 2017, security researchers disclosed a flaw in the WPA2 protocol used to secure wireless communications .
Impact: Any product that communicates over WiFi and uses WPA2 to encrypt that traffic is vulnerable. This includes nearly all mobile devices, computers, connected home devices, and wireless access points and routers including those on the TRU campus. Although communications between vulnerable devices could be decrypted and hijacked, at this time we are not aware of any such activity on the TRU network.
Platforms Affected: All operating systems for clients and access points are affected. If you have a device which uses WiFi, it likely needs to be patched.
Local Observations: TRU is currently looking at available patches for our computing systems and Wireless network, however you will still need to patch your own devices.
Recommendations: Install operating system patches and firmware updates as soon as they’re available to any wireless device. Firmware updates are usually manual and may not be provided for all devices. Because so many devices are impacted, it is not possible to list all patches available here. A couple of web sites are tracking that information, links are provided below .
Workarounds: Use TRU’s VPN (https://truvpn.tru.ca ) when communicating with a vulnerable or untrusted wireless device. This is good practice for any public, unsecured WiFi.
References and Further Reading:
 https://www.krackattacks.com/ – Key Reinstallation Attacks
 https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it Current Status of KRACK firmware patching
 https://www.kb.cert.org/vuls/id/228519/ – CERT Vulnerability Notes
(250) 852-6800 or email ITServiceDesk@tru.ca