On October 16th 2017 a serious WiFi vulnerability called KRACK was published. KRACK is a security weakness in a common Wi-Fi security standard and affects all Wi-Fi implementations regardless of vendor. This flaw is in the WPA2 protocol, used to encrypt your wireless networks. JerseyConnect is alerting the library community because wireless library patrons can become subject to information theft on presumably secure wireless connections. For full details please see the KRACK attack website, https://www.krackattacks.com.
JerseyConnect’s Managed Wi-Fi equipment already has a firmware update available to fix the KRACK vulnerability. For details see Meraki’s official response, https://meraki.cisco.com/blog/2017/10/critical-802-11r-vulnerability-disclosed-for-wireless-networks/. For our Managed Wi-Fi customers we have already begun testing and rolling out the firmware updates. We expect all Managed WiFi customers to have updated access points by the end of the week.
For any libraries that maintain their own WiFi equipment, we strongly urge you to contact your technical support and your Wi-Fi vendors to address this critical vulnerability. Additionally wireless client devices, such as laptops, tablets, phone, etc. are also affected and you should work with your technical support to update those devices as patches are released. We also recommend using secure protocols, like HTTPS, whenever possible to prevent eavesdropping.