What to Know About the Wi-Fi Vulnerability
As many of you may have heard yesterday, the security protocol used to protect the vast majority of Wi-Fi connections has been partially compromised by Belgian researchers – potentially exposing encrypted wireless traffic to malicious eavesdroppers and attacks. Presidio engineering was notified of the impending release of this information on the evening of October 15, 2017 and has been working diligently to understand the impact to our customers ever since.
Several critical new security vulnerabilities (generally known as Key Reinstallation AttaCKs, or “KRACKs”) were publicly announced yesterday that affect wireless networks using either a pre-shared key (password) or 802.1X (PEAP, EAP-TLS) to authenticate users. Nine of these vulnerabilities require client operating system updates to patch user devices like laptops, mobile phones, tablets, etc. However, one vulnerability in particular affects most wireless vendors — including Cisco and Meraki — and targets Fast Secure Roaming (a.k.a. Fast BSS Transition, or FT) capabilities inherent in the 802.11r protocol.
The good news is that there are no automated tools to take advantage of these new vulnerabilities, but that could change quickly – several weeks would be the best guess. It’s also worth noting that any traffic that’s encrypted at the application level isn’t at risk – only wireless application traffic that is sent in cleartext (DNS, FTP, Telnet) is subject to being decrypted as a result of this vulnerability.
Again, in order to be fully protected, patches and OS updates will be required on wireless clients and wireless infrastructure devices alike. Microsoft has publicly announced that client devices with automatic updates are protected, and Apple devices are rumored to be protected as well. Cisco WLCs will need to be upgraded to code that is expected to be available this Thursday or Friday.
For Presidio's Engineering Statement on the WPA2 Injection Attack, a document that details the expected impact, where to go for current information, and guidance on how to address the overall vulnerabilities, please contact Matt Rutter at [email protected].