Information Technology Services is addressing the vulnerability, referred to as KRACK (Key Reinstallation Attack). The vulnerability affects WiFi connectivity using the WPA2 encryption method. The hacker could use this vulnerability on an open, unencrypted network to retrieve confidential information including credit card information, social security numbers, bank account information, etc.
The K-State current Aruba infrastructure already has the protection in place for all of the vulnerabilities except for 802.11R, which is not enabled on our controllers at this time.
While protections are in place, K-Staters need to ensure that their devices (smartphones, laptops, etc.) have all the current patches and update as patches become available. This vulnerability also underscores the need for K-Staters to use the authenticated networks on campus including KSU Wireless, KSU Housing and Eduroam. When connecting from outside our network, K-Staters need to use the virtual private network (VPN).
The open KSU Guest wireless is unencrypted and should be avoided. The same is true when using open wireless networks at local restaurants, fast food operations, hotels, when shopping etc.
For assistance, contact the IT Help Desk at 785-532-7722.
