Wifi Security Vulnerabilities

I thought the medical community should be alerted to a critical security issue regarding the use of WiFi wireless systems secured using the WPA and WPA2 encryption schemes. The folks over at Elcomsoft (known for breaking the encryption on Adobe PDF files) have developed a technique to break WiFi WPA/WPA2 encryption. You can buy their “password recovery” software now, and enough details are present in the wild that I would expect a very short period of time before this attack is commonplace.

People using our web-based ClearHealth & WebVista systems typically use HTTPS and so would not need to worry about insecure wireless links. However, our experience is that many users have the same password for multiple services, and so something like email could leak a password shared in common with a healthcare system. Non-web-based systems that don’t have their own secure encryption should not be used with WiFi. I think many VistA implementations fall into this category, though you are likely OK if using a VPN as well as WPA/WPA2.

I would be very concerned about devices like the iPhone, tablets, Blackberries and other mobile devices, as a lot of those default to HTTP for web-based systems. Just thought that everyone should be aware that WiFi links cannot be trusted in and of themselves.