Your wireless network is NOT secure - WPA Vulnerability

October 17, 2017 by Andrew Lomas


On October 16, 2017, the International Consortium for Advancement of Cybersecurity on the Internet (ICASI) released a statement alerting the industry to a series of vulnerabilities in WPA and WPA2. This means your wireless network and devices are not secure, and action is required to patch the flaw.

These vulnerabilities are at the protocol-level and affect a large number of wireless infrastructure devices and wireless clients, across many vendors. This security flaw means that, for vulnerable clients and access points, WPA and WPA2-encrypted Wi-Fi traffic is no longer secure until certain steps are taken to remediate the issue. The Wi-Fi data stream, including passwords and personal data, can be intercepted, decrypted, and modified without a user’s knowledge.

The flaw, known as KRACK, affects WPA2, a security protocol widely used in most modern Wi-Fi devices.

In some cases, a hacker could exploit KRACK to inject malware such as ransomware into websites, according to KU Leuven's Mathy Vanhoef, the researcher who discovered the WPA vulnerability. Vanhoef's findings were reported by tech site Ars Technica early Monday morning.

What is KRACK

KRACK is an acronym for Key Reinstallation Attack. It involves an attacker reusing a one-time key that's provided when a client device attempts to join a Wi-Fi network. Doing so could enable the hacker to decrypt information being exchanged between the access point and the client device, which could leave personal details like credit card numbers, messages and passwords exposed, as Vanhoef notes.
 
This is how the WPA Vulnerability works as described on Vanhoef's website: When a device joins a protected Wi-Fi network, a process known as a four-way handshake takes place. This handshake ensures that the client and access point both have the correct login credentials for the network, and generates a new encryption key for protecting web traffic. That encryption key is installed during step three of the four-way handshake, but the access point will sometimes resend the same key if it believes that message may have been lost or dropped. Vanhoef's research finds that attackers can essentially force the access point to install the same encryption key, which the intruder can then use to attack the encryption protocol and decrypt data.
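A minimal model of the key reinstallation described above, added here as an example and not taken from Vanhoef's site or any vendor's code. It assumes a toy client whose nonce counter resets whenever a key is installed, and a toy keystream standing in for the real WPA2 cipher; the class and function names are hypothetical. The patched client ignores a resent message three that carries the key already in use.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    # Toy stand-in for the per-frame keystream of a real WPA2 cipher (assumption).
    return hmac.new(key, nonce.to_bytes(8, "big"), hashlib.sha256).digest()[:length]


class Client:
    """Toy Wi-Fi client: tracks the installed key and its transmit nonce."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.nonce = 0
        self.sent = []  # (nonce, ciphertext) for every data frame sent

    def on_message3(self, key: bytes) -> None:
        # Step three of the four-way handshake: install the session key.
        if self.patched and key == self.key:
            return  # resend of a key already in use: keep the nonce state
        self.key = key
        self.nonce = 0  # installing a key resets the nonce counter

    def send(self, plaintext: bytes) -> None:
        self.nonce += 1
        ks = keystream(self.key, self.nonce, len(plaintext))
        self.sent.append((self.nonce, bytes(p ^ k for p, k in zip(plaintext, ks))))


def reused_nonces(client: Client) -> list:
    # Nonces that protected more than one frame under the same key.
    seen, reused = set(), []
    for nonce, _ in client.sent:
        if nonce in seen:
            reused.append(nonce)
        seen.add(nonce)
    return reused


def run(patched: bool) -> Client:
    key = b"constructed-session-key"  # constructed sample value
    client = Client(patched)
    client.on_message3(key)   # first delivery of message three
    client.send(b"frame one")
    client.send(b"frame two")
    client.on_message3(key)   # message three resent with the same key
    client.send(b"frame 3!!")
    return client
```

In the unpatched run the third frame is encrypted with the same key and nonce as the first, so both frames share one keystream; the patched run keeps counting and never repeats a nonce.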

Who's affected

Any device using WiFi is affected, such as smartphones, laptops and tablets, but especially devices running Android and Linux operating systems.

Creative Folks are currently assessing all our managed services customers' networks and devices, and working with our main vendors such as Watchguard, Datto, Microsoft, Apple and others to identify the patches needed and prepare a plan to apply them.

For those of you with WiFi networks at home, please contact the vendor of your devices and ensure you update them as soon as possible. If you are unsure what to do or want to learn more, please feel free to reach out to our team at Creative Folks and we will be more than happy to assist you.
