Did you wake up this morning to discover that Wi-Fi security is fundamentally broken? Before you toss your phone away, smash your router, and move to a cabin in the woods, it might be good to take stock of the actual issue.
The WPA2 KRACK vulnerability is pretty serious. An on-site attacker can decrypt and replay client-to-AP traffic. Not Good. But while this cuts through the basic confidence in WPA2, it’s important to understand how easy this exploit is to pull off (not very) and whether patches are available to solve the issue.
Andrew von Nagy has done a great job compiling many of the company responses to the exploit. The good news is that Microsoft, Aruba, Ubiquiti, and Meraki already have patches in the wild. The bad news? There are a lot of companies that don’t, and who knows how long it will take to implement patches when they do arrive.
KRACK is bad, but keeping up to date on patches, looking for MITM attacks on-site, and using HTTPS will go a long way in terms of prevention.
Andrew von Nagy comments:
What’s the TL;DR? There are 9 vulnerabilities that are client related and 1 that is AP / Infrastructure related. All are implementation issues, meaning software patching can fix them! Of the 9 CVEs related to clients, ALL can be mitigated with AP / Infrastructure updates as a workaround, but the infrastructure won’t be able to determine if failure is from packet loss issues or attack. The long-term fix is definitely client software patching. The 1 CVE related to AP / Infrastructure is related to 802.11r Fast Transition – if you have it enabled you should patch ASAP. If not, no big deal.