IT disaster recovery, cloud computing and information security news

WPA2 weakness means that every modern Wi-Fi network may be subject to attack

Details
Published: Tuesday, 17 October 2017 13:36

Researchers have identified ‘serious weaknesses’ in WPA2, a standard protocol that secures all modern protected Wi-Fi networks. If exploited, an attacker can use key reinstallation attacks (KRACKs) to read information that was previously assumed to be safely encrypted. The attack method can also be used to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

According to the researchers, the weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely to be affected. To prevent the attack, organizations must update affected products as soon as security updates become available.

Read more about this at the researchers' website: https://www.krackattacks.com/

Industry comments about this vulnerability:

Matt Walmsley, EMEA Director, Vectra.ai commented: “The latest Wi-Fi security flaw, ‘Krack’, is another example of just how porous the enterprise perimeter has become. It is increasingly difficult to defend and block malicious threats from seeing our previously assumed secure communications, and gaining a foothold inside our networks from which they can escalate their influence to wreak havoc. 

“As the vulnerability is written into the current WPA2 standard, it may take an extended bout of time for a security update to be defined, agreed and implemented in the vast array of vendors’ Wi-Fi devices. Until then, WPA2 Wi-Fi connections are under threat, and communications may not be secured.

Enterprises need to increase their visibility inside the network to automatically detect, analyse and respond to nefarious behaviours before they have time to escalate into critical security incidents. Using artificial intelligence provides an added layer of protection and ensures a more holistic coverage across the entire network. It significantly improves accuracy of threat detection and enables faster incident response to mitigate risks before they cost the organization dearly.

Dr Gary McGraw, VP of security technology at Synopsys, said "The KRACK problem is unfortunately a prime example of a design flaw (as opposed to an implementation bug).  That’s why KRACK is so pervasive across chips and platforms.  Generally speaking, flaws have a much greater impact than bugs and are harder to fix.  Building secure software properly addresses both bugs and flaws in equal measure."



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

The Hunt for Hidden Risks
The Impact Tolerance Guide

Additional Resources

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.