Widespread WiFi Vulnerability

Apple has released a new security update that you should install as soon as possible.  This operating system update, across virtually all Apple products, fixes a few security issues, including a very serious one that has recently been announced.

This vulnerability, called Broadpwn, is different from typical viruses and malware because it requires no user interaction. The system vulnerability allows an attacker to easily run their programs on your phone or computer by accessing your device over WiFi. 

In other words, if you are in range of an attacker and have WiFi on, they can essentially take over your phone or computer, which could allow an attacker to read your emails, access your camera, and listen to your phone calls.

The vulnerability affects a particular manufacturer of WiFi hardware, which is present in an enormous range of devices, including many Android phones and all iPhone, iPad, and iPod touch models. Google issued a security patch for Android devices in early July, and Apple has released its update within the last 2 days.

This is a widely known and well publicized vulnerability.  We expect that malicious hackers will take advantage of this quickly and in many locations.

Besides your phone and computer, look for system updates from any of your wireless connected devices, for example:

Smart TV
Apple TV
Apple Watch
Alexa
Google Home
Nest
Phillips Hue
 
If you need assistance with updating your phone or computer, please contact the UIS Service Center at 855-687-4949 or help@georgetown.edu.

You can find more information about “broadpwn” at:
nvd.nist.gov/vuln/detail/CVE-2017-9417
iOS (support.apple.com/en-us/HT207923)
Android (source.android.com/security/bulletin/2017-07-01)