Andrew Lomas
By Andrew Lomas on 17/10/2017 11:33:52 AM

Your wireless network is NOT secure - WPA Vulnerability


On October 16, 2017, the International Consortium for Advancement of Cybersecurity on the Internet (ICASI) released a statement alerting the industry to a series of vulnerabilities in WPA and WPA2. This means your wireless network and devices are not secure, and action is required to patch this flaw.

These vulnerabilities are at the protocol level and affect a large number of wireless infrastructure devices and wireless clients, across many vendors. This security flaw means that, for vulnerable clients and access points, WPA and WPA2-encrypted Wi-Fi traffic is no longer secure until certain steps are taken to remediate the issue. The Wi-Fi data stream, including passwords and personal data, can be intercepted, decrypted, and modified without a user's knowledge.

The flaw, known as KRACK, affects WPA2, a security protocol widely used in most modern Wi-Fi devices.

In some cases, a hacker could exploit KRACK to inject malware such as ransomware into websites, according to KU Leuven's Mathy Vanhoef, the researcher who discovered the WPA vulnerability. Vanhoef's findings were reported by tech site Ars Technica early Monday morning.

What is KRACK

KRACK is an acronym for Key Reinstallation Attack. It involves an attacker reusing a one-time key that's provided when a client device attempts to join a Wi-Fi network. Doing so could enable the hacker to decrypt information being exchanged between the access point and the client device, which could leave personal details like credit card numbers, messages and passwords exposed, as Vanhoef notes.
 
This is how the WPA Vulnerability works as described on Vanhoef's website: When a device joins a protected Wi-Fi network, a process known as a four-way handshake takes place. This handshake ensures that the client and access point both have the correct login credentials for the network, and generates a new encryption key for protecting web traffic. That encryption key is installed during step three of the four-way handshake, but the access point will sometimes resend the same key if it believes that message may have been lost or dropped. Vanhoef's research finds that attackers can essentially force the access point to install the same encryption key, which the intruder can then use to attack the encryption protocol and decrypt data.
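
An added example, not from the original post or from Vanhoef's own code: a small Python model of why installing the same key a second time is dangerous, and what a patched device does differently. It assumes that reinstalling the key resets the per-frame packet counter (nonce) and uses a toy SHA-256 keystream in place of the real WPA2 cipher; `Station`, `run` and `reused_nonces` are hypothetical names, and the key and plaintexts are constructed.

```python
import hashlib

def keystream(key, nonce, n):
    # Toy keystream from SHA-256(key || nonce || block): a stand-in for the
    # real WPA2 cipher, chosen only so the example runs with the stdlib.
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Station:
    """Hypothetical model of the device that receives handshake message 3."""
    def __init__(self, patched):
        self.patched, self.key, self.nonce = patched, None, 0

    def on_message3(self, key):
        if self.patched and key == self.key:
            return  # key already installed: ignore the resend, keep the counter
        self.key, self.nonce = key, 0  # (re)install the key and reset the packet counter

    def send(self, plaintext):
        self.nonce += 1  # every frame must use a fresh nonce under one key
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

# Constructed sample data, not captured traffic.
KEY = hashlib.sha256(b"constructed session key").digest()
P1, P2 = b"GET /account HTTP/1.1", b"password=constructed!"

def run(patched):
    sta = Station(patched)
    sta.on_message3(KEY)      # step three of the handshake
    f1 = sta.send(P1)
    sta.on_message3(KEY)      # the same message 3 arrives again
    f2 = sta.send(P2)
    return [f1, f2]

def reused_nonces(frames):
    # Check a monitor or test harness can apply: a nonce seen twice under one key.
    seen, dup = set(), set()
    for nonce, _ in frames:
        (dup if nonce in seen else seen).add(nonce)
    return sorted(dup)

if __name__ == "__main__":
    for patched in (False, True):
        frames = run(patched)
        leak = xor(frames[0][1], frames[1][1]) == xor(P1, P2)
        print("patched" if patched else "vulnerable", reused_nonces(frames), "keystream cancels:", leak)
```

In the unpatched run both frames are encrypted with nonce 1, so XORing the two ciphertexts cancels the keystream and leaves the XOR of the plaintexts; in the patched run the counter keeps advancing and no nonce repeats.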

Who's affected

Any device using WiFi is affected, such as smartphones, laptops and tablets, but especially those running Android and Linux operating systems.

Creative Folks are currently assessing all our managed services customers' networks and devices and working with our main vendors such as Watchguard, Datto, Microsoft, Apple and others to identify and prepare a plan to apply patches to remedy the flaw.

For those of you with WiFi networks at home, please contact the vendor of your devices and ensure you update them as soon as possible. If you are unsure what to do or want to learn more, please feel free to reach out to our team at Creative Folks and we will be more than happy to assist you.


Topics: News, security, Vulnerability, WiFi, WPA, WPA2, Android, Apple, KRACK, News & Announcements, wireless
