A leading security expert has identified a vulnerability in the Wi-Fi Protect Access (WPA) protocol. Security researcher Mathy Vanhoef recently revealed the vulnerability allows a malicious attacker to gain access to all communication (including emails), across wireless networks.

The vulnerability affects Wi-Fi routers and access points, using the following wireless encryption protocols: WPA, WPA2-PSK and WPA2-Enterprise – currently the most common protocols used for securing wireless networks and, until now, these protocols were considered to be the most secure. Wi-Fi enabled devices such as computers, tablets, wearable smart health and medical devices will also be affected. All devices that connect to wireless networks are vulnerable, regardless of their operating system.

Suppliers of network hardware and operating systems are expected to release security patches over the coming days, and these patches must be applied as soon as practicable (some patches have already been released). As this impacts both the wireless access points and the wireless devices, patches must be applied to wireless access points as well as to all devices that connect to wireless networks. Until updated with a security patch they should be considered insecure.

There is currently no alternative secure protocol that can be used for wireless networks. The older protocol, WEP, is not secure and there are well-established exploits which have been used to attack it. It is therefore lower risk to continue to use WPA-based protocols despite the newly identified vulnerability. The Australian Digital Health Agency (ADHA) recommends that you check with your vendor to determine whether your Wi-Fi access points and wireless devices are vulnerable and when patches will be available.

Click here to download more information or please contact the ADHA by emailing cyber-enquiries@digitalhealth.gov.au or phoning 1300 901 001.