SingCERT issues advisory on ‘multiple vulnerabilities’ affecting Wi-Fi networks

Security News ThreatsCybercrime Uncategorized

This comes after Belgian researchers publicly disclosed multiple vulnerabilities in the Wi-Fi Protected Access (WPA2) protocol.

File photo of a smartphone user on WiFi. (Photo: AFP)

SINGAPORE: The Singapore Computer Emergency Response Team (SingCERT) on Tuesday (Oct 17) issued an advisory on the “multiple vulnerabilities” affecting a security protocol commonly used by Wi-Fi networks.

SingCERT said in its advisory that the Wi-Fi Protected Access 2 (WPA2) security protocol, which was developed by the Wi-Fi alliance to enhance the security of these Wi-Fi networks, have multiple vulnerabilities. These vulnerabilities may affect the data confidentiality of users’ Wi-Fi connectivity in their homes and offices, it added. 

The agency, which is under the Cyber Security Agency of Singapore (CSA), said devices with Wi-Fi connectivity using WPA and WPA2 protocols are potentially vulnerable. Should a successful man-in-the-middle attack take place on affected affected devices, the attacker can exploit the vulnerabilities to “monitor, inject and/or manipulate users’ network traffic”, SingCERT cautioned.

Researchers Mathy Vanhoef and Frank Piessens of Belgian university KU Leuven had on Monday disclosed the bug, saying that “if your device supports Wi-Fi, it is most likely affected”.

SingCERT said that Microsoft has released a security update for supported versions of their products, and users are “strongly advised” to patch their systems. Users of other affected devices are advised to check with their respective vendors on the availability of the security patches and apply appropriate patches to resolve these vulnerabilities as soon as possible, it added.

The agency also said to enhance security, users are encouraged to secure their Wi-Fi networks using a secondary encryption tool such as virtual private networks (VPNs), or consider a supplementary security protocol such as Transport Layer Security (TLS) and Secure Shell (SSH) to “encrypt and protect data confidentiality when performing sensitive transactions”.

Alternatively, they could use a wired LAN for Internet connection, SingCERT said.

The Wi-Fi Alliance had said the issue “could be resolved through a straightforward software update” and it had advised members to quickly release patches and for users to quickly install them.