According to the annoumcement of the security office of Kyoto University, the serious weaknesses on the latest Wi-Fi technology (WPA2) were discovered. An attacker within range of a victim can exploit these weaknesses using KRACKs (Key Reinstallation AttaCKs). This can be abused to steam sensitive information, such as an credit card numbers, passwords, emails, photos, web browsing history, and so on.
First of all, the Center’s main services, such as Google products (Gmail, Google Calendar, Google Drive,…) and the websites using https:// (SSL encryption) aren’t influenced.
If you use FTP or HTTP (http://) for uploading a website data, managing a website, or browsing a website, their data may be stolen through Wi-Fi network from your PC.
* How can we protect ourselves?
1. Update firmware(OS&software) of your Wi-Fi router firmware
The firmware update of Wi-Fi of Kyoto University will be considered.
In case of using a Wi-fi at your home, please check the announcement of the Wi-fi router company.
2. OS Update on your PC
Microsoft already released the security patch for Windows OS.
Of course, the support ended OS won’t be supported, such as Windows Vista, macOS 10.8 or previous version.
– Windows Update: http://support.microsoft.com/ph/6527
– Software Update: https://support.apple.com/en-us/HT201541
According to the Apple and Google announcement, the security patch for macOS, iOS (iPhone/iPad), and Android devices will be released within several weeks.
Please cope with the issue by yourselves.
18th October, 2017
Information Processing Office.