Recently, the Department of Information Security (Ministry of Information and Communications) issued Official Dispatch 541/CATTT-TDQLGS regarding the warning of information security risks on devices using Wifi networks.
Article table of contents
Causes of Information Security Breaches
To be specific: on October 16, 2017, the website www.krackattacks.com disclosed a group of vulnerabilities in the WPA/WPA2 protocol. Attackers can eavesdrop, decrypt the encrypted protocol, and read the contents of packets previously thought secure. Consequently, they may steal personal and sensitive information such as bank accounts, credit cards, social network accounts, online accounts, private information, chat content, emails, photos, videos, etc., transmitted via the user's wireless Wi-Fi network.
This form of attack affects all Wi-Fi broadcasting devices using the WPA/WPA2 protocol. Depending on the network system configuration, attackers might also modify packet contents or attach ransomware or spyware, causing users to inadvertently infect themselves.
Preventive Measures
To ensure information safety and prevent dangerous cyber attacks, the Information Security Department recommends:
For users:
- Regularly check for updates on handheld devices, mobile devices, wireless network card drivers on computers, and Wi-Fi broadcasting devices to update immediately when new patches are available;- Be cautious when using wireless networks, especially public Wi-Fi networks. Only access websites using the HTTPS security protocol and be careful when entering personal accounts or other sensitive information on websites.- Continue to maintain the WPA/WPA2 encryption protocol for wireless broadcasting devices used at home, combined with highly secure passwords.
For agencies and organizations:
- Warn users within the organization and implement the measures mentioned above as applicable to users;- Actively monitor information from competent authorities and information security organizations to promptly update patches for their network devices. Encourage staff working in agencies and organizations to proactively and regularly check and update terminal devices when new updates are available.- Immediately contact competent authorities, as well as organizations and enterprises in the field of information security, for support when necessary.
See more Official Dispatch 541/CATTT-TDQLGS dated October 16, 2017.
