On October 16th, 2017, ten new security vulnerabilities, referred to as Key Reinstallation Attack (KRACK), were announced that target the session establishment and management process in WPA(1/2)-PSK and WPA(1/2)-Enterprise. This marks the first security vulnerability of WPA2 since its introduction. The vulnerabilities are related to different key handshakes, used between the Wi-Fi supplicant (client) and the AP (authenticator) to derive and install encryption keys. Using these vulnerabilities an attacker can force a client or access point (AP) to reinstall the keys used to encrypt wireless data. This gives attackers the option to replay, decrypt, or forge frames from your WiFi network, meaning they can see your traffic or steal your data from devices connected to compromised WiFi.
How to keep your devices safe
Most vendors have already released patches/firmware for their devices in which you can fix these vulnerabilities. Below are the firmware versions that are protected from the vulnerabilities and steps into upgrading to them if you have not already:
MR33s, 30Hs, 74s networks must be upgraded to firmware MR 25.7, all other networks should be upgraded to version 24.11.
To upgrade your firmware, please use the “Firmware Upgrade Tool” on your dashboard. To be sure that you have the right firmware, you may look for the “802.11r Vulnerability Impact” page on your dashboard.
The following ArubaOS are protected from the KRACK vulnerabilities 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206. For InstantOS, please make sure that your firmware is upgraded to 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199.
Please note that this takes care of one half (infrastructure), you must also make sure that your other half (clients) are also updated to their latest firmware to keep your whole network secure from these attacks. Please see below for some of the vendor status for their firmware updates:
Microsoft, Ubuntu and Linux have all released firmware updates to protect your clients from the vulnerability. Although Microsoft has only stated that the current iterations of their products have updates such as Windows 7, 8 and 10. As of now, macOS has no known fix but will be soon rolling out their fix soon.
As of now, Android has already released a statement saying that a patch will be released on November 6, 2017 that will solve these issues. So be ready to update your firmware for it by then. Just like macOS, the iOS have no known fix as well, but the upside to this is that there will be a guaranteed update to your apple device so you will be updated the moment the patch is ready.
Again, to ensure you are protected from the KRACK vulnerability, you need to have both infrastructure and client sides protected protected from the vulnerability not one or the other. We will update this article with the latest updates when they come out so please do check back every so often!
If you have any more inquiries on this, please do contact us at 893-9515 and we will do our best to answer them!