WiFi Protected Access II (WPA2) Multiple Vulnerabilities (KRACK)

Last Update Date: 18 Oct 2017; Release Date: 17 Oct 2017

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in WiFi Protected Access II (WPA2) which could allow an attacker to conduct a key reinstallation attack (KRACK) on targeted devices that use WiFi. An attacker could decrypt data or even tamper with data sent over the wireless connection.

To successfully conduct the attack, an attacker has to be within the wireless communication range of both the WiFi access point (AP) and the targeted device.

Note: Vendors are rolling out patches and firmware updates. Please refer to the vendor's information or the following vulnerability notice: https://www.kb.cert.org/vuls/id/228519.


Impact

  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • Devices that use WiFi.
  • Not all devices have patches. Contact your product vendor for details.

Solutions

  • Install patches on wireless devices (e.g. smartphone, laptop, wireless router).
    Vendors are rolling out patches and firmware updates. Please refer to the vendor's information or the following vulnerability notice: https://www.kb.cert.org/vuls/id/228519.
  • Keep using WPA2 as it is still the safest WiFi security protocol.
  • Use SSL/TLS to encrypt sensitive information. Consider using a VPN solution if necessary.
  • Don't use public WiFi to handle sensitive information.
  • Consider using a wired connection or mobile data.
  • Note that changing the security settings of your WiFi router (e.g. changing the WiFi password) does not help mitigate the vulnerabilities.


Vulnerability Identifier


Source


Related Link