Wireless networks worldwide are vulnerable to being targeted by KRACK attacks, which, if successfully executed, allow an attacker to eavesdrop on communications. NO USER INTERACTION is required to be attacked.

WPI Network and Computers:

The WPI wireless network is configured to minimize this risk. WPI's Information Technology Services (ITS) team continually tests software updates. ITS-managed WPI computers running a Windows operating system are regularly updated with security patches.

Working Remotely:

When working off-campus, the threat becomes more profound, especially when using:

  • Open Wireless: no encryption, usually indicated by a different icon in operating system network properties (ex: coffee shops)
  • Wireless Hotspots: often unencrypted (ex: wireless connection via signal on your phone)
  • Third Party Wireless Systems: Wi-Fi vulnerability is dependent upon provider (ex: home network, hotel wifi)

Recommended Actions:

  1. Use VPN: All WPI employees who work off campus are strongly encouraged to use the WPI VPN service.
    • It is available for varied devices including computers, tablets, and phones.
    • Environments for usage include but are not limited to home networks, open wireless networks, wireless hotspots.
  2. Refrain from conducting WPI work using an Open Wireless Network.
  3. Update Personal Networks and Devices: If you conduct university work on non-WPI managed devices, you need to install patches for those operating systems. Patching these vulnerabilities is critical to preventing the machine from being hacked. This will protect your personal information and WPI's data.
    • Microsoft has already included the fix in their October 2017 security patches for all supported versions of Windows, including Windows 7 and Windows 10.
    • Apple is believed to have already included a fix in recent patches for MacOS and iOS, but has not yet confirmed this.
    • Google released a fix in December 2017 for all Pixel devices.
    • For other operating systems and devices, such as home routers and media player devices, please contact vendor support to verify vulnerability and the status of available patches.