WPA2 weakness means that every modern Wi-Fi network may be subject to attack
- Published: Tuesday, 17 October 2017 13:36
Researchers have identified ‘serious weaknesses’ in WPA2, a standard protocol that secures all modern protected Wi-Fi networks. An attacker who exploits these weaknesses can use key reinstallation attacks (KRACKs) to read information that was previously assumed to be safely encrypted. The attack method can also be used to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.
According to the researchers, the weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely to be affected. To prevent the attack, organizations must update affected products as soon as security updates become available.
Read more about this at the researchers' website: https://www.krackattacks.com/
Industry comments about this vulnerability:
Matt Walmsley, EMEA Director, Vectra.ai commented: “The latest Wi-Fi security flaw, ‘Krack’, is another example of just how porous the enterprise perimeter has become. It is increasingly difficult to defend and block malicious threats from seeing our previously assumed secure communications, and gaining a foothold inside our networks from which they can escalate their influence to wreak havoc.
“As the vulnerability is written into the current WPA2 standard, it may take an extended bout of time for a security update to be defined, agreed and implemented in the vast array of vendors’ Wi-Fi devices. Until then, WPA2 Wi-Fi connections are under threat, and communications may not be secured.
“Enterprises need to increase their visibility inside the network to automatically detect, analyse and respond to nefarious behaviours before they have time to escalate into critical security incidents. Using artificial intelligence provides an added layer of protection and ensures a more holistic coverage across the entire network. It significantly improves accuracy of threat detection and enables faster incident response to mitigate risks before they cost the organization dearly.”
Dr Gary McGraw, VP of security technology at Synopsys, said: “The KRACK problem is unfortunately a prime example of a design flaw (as opposed to an implementation bug). That’s why KRACK is so pervasive across chips and platforms. Generally speaking, flaws have a much greater impact than bugs and are harder to fix. Building secure software properly addresses both bugs and flaws in equal measure.”