Wi-Fi Protected Access II — which secures all modern Wi-Fi connections — can be manipulated such that when an attacker is within range of a victim, they can exploit these weaknesses using key reinstallation attacks, which may involve installing malware or ransomware on a device. The vulnerability was discovered by security researcher Mathy Vanhoef, PhD, a postdoc at KU Leuven in Belgium.
The Department of Homeland Security issued a vulnerability note Oct. 16 and listed all affected Wi-Fi network vendors.
In a blog post detailing the vulnerability, Dr. Vanhoef wrote any device that connects to Wi-Fi is at risk for this type of attack. For hospitals, they can be a big issue.
“Many medical device vendors rely on the security of the hospital network, a user is cellular network, or a networking protocol like Wi-Fi or Bluetooth to ensure their products are not hacked. But, protocol-level vulnerabilities like this demonstrate that manufacturers of life-saving connected medical devices need security features built deep into their software to ensure vulnerabilities like these don’t put patients’ data or lives at risk,” Mike Kijewski, CEO and co-founder of a medical device security company, MedCrypt, told Becker’s Hospital Review.
Dr. Vanhoef recommends users ensure all their devices, including their router’s firmware, are up to date. Additionally, while changing Wi-Fi passwords may not prevent or mitigate the threat of this attack, it is always a good idea to do so.
More articles on cybersecurity:
Supreme Court to hear Microsoft data privacy case
Microsoft: North Korea to blame for WannaCry attacks
Missouri clinic pays ransom, notifies 1.6k patients of cyberattack
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
