Krack Attack – Wi-Fi vulnerability affecting WPA

Press Release : October 19, 2017
Default Post Image

WEP has been considered to be a flawed encryption and WiFi implementations have always concentrated on implementing WPA Encryption standard so as to ensure a secure WiFi communication channel. However, recently researchers Mathy Vanhoef and Frank Piessens, from the University of Leuven, have found multiple flaws in WPA encryption which would allow hackers to decode the traffic and inject malicious packets into the secure WPA communications channel.

The vulnerabilities in itself are related to the WPA protocol standard which allows the attackers to force the devices to reissue the nonce effectively forcing the devices to initiate Key Reissue Attacks (KRACK).

This weakness in the protocol allows the attackers to sniff the traffic traversing between the devices and access-points while the worst case scenario is an injection of malware into websites. The vulnerability affects all devices running on Windows, MacOS, iOS, Android, and Linux. Due to the devastating implications of this vulnerability, Vendors have been quick to respond and made available patches to mitigate these vulnerabilities.

Identifiers:

1. CVE-2017-13077

2. CVE-2017-13078

3. CVE-2017-13079

4. CVE-2017-13080

5. CVE-2017-13081

6. CVE-2017-13082

7. CVE-2017-13084

8. CVE-2017-13086

9. CVE-2017-13087

10. CVE-2017-13088

More can be read about this research over here https://www.krackattacks.com/

Vendors:

Microsoft:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

Ubuntu:

https://usn.ubuntu.com/usn/usn-3455-1/

Redhat:

https://access.redhat.com/security/cve/cve-2017-13080

Intel:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr

Advisory:

1: Patch your devices as and when the patches are made available

2: Since this is a protocol-level vulnerability, changing password wouldn’t help in mitigating the attacks.

For more information, please visit – https://www.escanav.com/

Notes to editors

For more information please contact:
Tel: email: Visit the newsroom of: webpr