Yesterday the news came that Wi-Fi secured using WPA2 can be compromised. Mathy Vanhoef of KU Leuven, one of the security researchers who discovered the specification blunder, warned that the security hole stems from a fundamental cryptographic weakness in the latest generation of wireless networking rather than a programming cockup.
Simply changing Wi-Fi network passwords is not going to help – software and firmware will need to be updated to workaround this deep design error:
The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available.
KRACK targets the four-way handshake of the WPA2 protocol and relies on tricking a victim's device into reusing an already-in-use key. This sleight of hand is achieved by manipulating and replaying cryptographic handshake messages.
The advice from CMGi is to continue to use your Wi-Fi products until CMGi has had time to assess if the flaw affects your Wi-Fi access points. If it does, then we need to find out if the manufacturer will be releasing a fix. If not, they only option is to replace the unit with a model that does not have the flaw or has been patched against it.
Marcus McDonnell
Technical Operations Manager
