The most commonly used security standard for Wi-Fi networks has been compromised.  A recent Key Reinstallation Attack (KRACK) breaks the handshake that encrypts the connection, and cyber criminals could target nearby Wi-Fi networks. There have been no reports yet of this vulnerability being actively exploited. However, ITS recommends that you take action to protect your devices and data.

The intended targets of this attack are end-user devices.  ITS-supported clients will be patched by ITS, and we strongly encourage that you install security updates on personal devices that connect to a Wi-Fi network as soon as they are available.  Microsoft has patched their operating systems, and Apple will be releasing fixes shortly.  Those with Android smartphones should check with their phone manufacturer or mobile carrier for updates.  Other devices, such as individual wireless routers, should be updated with vendor provided patches.

Please note: You are safe if your connection has other protection, such as HTTPS or VPN.

For more information or assistance, contact the ITS Help Center at helpcenter@uconn.edu.

---