#acl All:read

== Some information on the Wi-Fi vulnerability ==

You may be aware from the news that a new vulnerability has been discovered in the security of !WiFi connections.  We are sharing some of the key points here, as many of you will already have read about this worldwide vulnerability in the mainstream media and may be wondering what it means for you.
 * Essentially, due to a design flaw in the !WiFi protocols, the encryption that is built in to a “secure" !WiFi connection (Wi-Fi Protected Access II, WPA2) is now vulnerable to being compromised.

 * The key take away from this is that you should treat ALL !WiFi connections as unencrypted connections. In other words, for now, when connecting to secure !WiFi services you should use the same precautions you would use when connecting to an unencrypted free !WiFi service at a shopping centre or airport.

 * Someone can only compromise your !WiFi connection and capture the information you are sending over the connection if they are within range of the wireless signal - that is about 50-100m, depending on the signal strength of your device, physical obstructions, etc.

 * In any use of the Internet there are often multiple layers of security and it is only the underlying layer of encryption on the base !WiFi link that is affected. If you use other additional kinds of encryption in your use of the Internet via the wireless connection, those other forms of encryption will still be protecting you. For example, if you are connecting to a web site via a secure web connection in your browser, that browser based security is still intact. If someone were to capture your compromised !WiFi network traffic, all they would be capturing is the encrypted communication between your browser and the secure website. They would still not be able to easily read the information you are sending to and from that secure web site.  (A secure website can be identified where the web site address is a HTTPS address, rather than an unencrypted HTTP address.

 * While this vulnerability has resulted from a flaw in the underlying !WiFi protocols, various operating system and device vendors can release updates that will prevent the vulnerability from being applicable to your device. Microsoft quietly released a patch last week to do this for Windows 7, Windows 8, and Windows 10 operating systems. Apple has a patch in beta testing that should be released soon for iOS based phones and tablets, and for Mac computers. Android patches are in development but may take longer to release and may not apply to all Android devices. 

 * All !WiFi devices are impacted, this can include !WiFi connected washing machines, 3D printers, smart TVs and any other !WiFi connected smart devices. These kinds of devices are less likely to be updated with a patch correcting the issue, however the risk is lower for some of these devices. For example, while a person could, in theory, capture data being sent to and from a washing machine, the data isn’t likely to be very useful or compromising. However where sensitive information is being sent to a 3D printer via a wireless connection, if there is some prospect that third parties may want to use this vulnerability to capture that data, care should be taken to consider whether current practices should be changed, such as not using the devices via a wireless connection, or adding another layer of encryption to the data being sent, if this is possible.

 * Apple have said that, once patched, devices running iOS, macOS, tvOS, and watchOS will not be able to be exploited using the KRACK method even when connected to a router (or hub or modem) or access point that is still vulnerable. Still, consumers should watch for firmware updates for all of their devices, including routers.

DavidMorgan with information from Monash University and Apple