Wi-Fi WPA2 Security Vulnerability – KRACK

A new Wi-Fi WPA2 security vulnerability, Key Reinstallation Attack (KRACK for short), has been detected by the network security community – what you need to know…

“This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on,” researcher Mathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium wrote. “The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”

“The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that was scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek Linksys, and other types of devices. The site warned that attackers can exploit the flaw to decrypt a wealth of sensitive data that’s normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol.” -arsTECHNICA

New clients can contact us to verify that their current systems are secure – all existing clients with Wi-Fi remote management have/will be updated automatically as soon as said updates are made available.

US-CERT announcement: https://www.us-cert.gov/…/CERTCC-Reports-WPA2-Vulnerabiliti…