HKCert
  

WiFi Protected Access II (WPA2) Multiple Vulnerabilities (KRACK)

Release Date: 17 / 10 / 2017
Last Update: 18 / 10 / 2017
Risk Level:  


Multiple vulnerabilities were identified in WiFi Protected Access II (WPA2) that could allow an attacker to conduct a key reinstallation attack (KRACK) against targeted devices that use WiFi. An attacker could decrypt data on the wireless connection, or even tamper with it.

 

To successfully conduct the attack, an attacker has to be within the wireless communication range of the WiFi access point (AP) and the targeted device.

 

Note: Vendors are rolling out patches and firmware updates. Please refer to the vendor's information or the following vulnerability notice: https://www.kb.cert.org/vuls/id/228519.

  • Information Disclosure
  • Data Manipulation
  • Devices that use WiFi.
  • Not all devices have patches. Contact your product vendor for details.
  • Install patches on wireless devices (e.g. smartphone, laptop, wireless router).
  • Keep using WPA2 as it is still the safest WiFi security protocol.
  • Use SSL/TLS to encrypt sensitive information. Consider using a VPN solution if necessary.
  • Don't use public WiFi to handle sensitive information. 
  • Consider using wired connection or mobile data.
  • Note that changing the security settings of your WiFi router (e.g. changing the WiFi password) does not help mitigate the vulnerabilities.