On Monday, October 16, 2017, UMass Amherst Information Technology applied security patches to the campus wireless infrastructure in response to a new cybersecurity threat targeting wireless networks (Krack Attack). Krack attacks exploit a flaw in the WPA2 wireless protocol, enabling attackers to intercept passwords, emails, and other data, and in some cases, to inject ransomware or other malicious content into a website a client is visiting. Major vendors have released a patch or are in the process of doing so.
To help mitigate risk, we recommend that members of the campus community:
- Update their home wireless devices
- Continue to use encrypted protocols (VPN, SSL, SSH) when connecting to non-UMass networks
For questions, please contact IT User Services at 413-545-TECH (8324) or it@umass.edu. Updates will be provided as more information becomes available. For more information, see: https://www.kb.cert.org/vuls/id/228519