Key Information on The Attack That Works Against All Modern Protected WiFi Networks.
On October 16th, 2017, the world became aware of a key flaw in the WPA2 WiFi encryption protocol that could allow hackers to intercept your credit card numbers, passwords, photos and other sensitive information. The flaws, dubbed “Key Reinstallation Attacks,” or “Krack Attacks,” may be “particularly devastating,” according to KU Leuven University’s Mathy Vanhoef and Frank Piessens, who found the flaw.
Here is what you need to know at this time about the attack:
What The Threat Is
News was released this week that in an academic paper from KU Leuven, a researcher discovered an exploit in all versions of WPA and WPA2 protocols, which manages all modern wireless networks currently supported. The exploit allows traffic read locally to be decrypted, meaning all network traffic can be read clearly back and forth from wireless.
What this means is that normally encrypted data like passwords and credit card numbers can be logged. However, this attack requires physical access to the network, so it would only be possible in extremely targeted attacks at this time. Click here to learn more about how the attack works.
Who Is Impacted
This exploit has been proven in the wild for Mac/Linux and Android devices and we expect the vulnerability to be available with iOS and Microsoft products. However, no iOS or Windows exploits have been found yet, only in a lab.
At this time, Wireless manufacturers and PC/Phone/device manufacturers are working to correct the issue via a firmware upgrade. Currently, there are no patches available.
For those who are in a managed services contract with us: we will be patching as soon as a solution presents itself. You will be hearing a lot of news about this exploit. Please know that we are aware of the issue, the issue requires physical access to the network before it can be utilized, and we will resolve this as soon as a resolution becomes available.
- [Forbes] Update Every Device — This KRACK Hack Kills Your Wi-Fi Privacy
- [Engadget] Severe WiFi security flaw puts millions of devices at risk
- [CERT Vulnerability Note Database] Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse