Wireless Key Reinstallation Attacks (Krack)

It has recently come to our attention that there is an extremely severe wireless attack crippling the security of wireless networks. The nature of the attach is such that it allows attackers to decrypt wireless traffic as well as inject malicious content in to certain protocols. This vulnerability opens up wireless networks to a series of dangerous situations, whereas an outside intruder can spy or infect computers, as well as gain access to the network to launch more sophisticated attacks.

The main component of the attack targets clients (such as mobile devices, computers, network appliances). If your company uses wireless networking in any capacity, whether it is a guest network or your main method of connectivity (or both) this issue must be remedied on all impacted devices ASAP. Some wireless routers may be impacted as well and release firmware updates to address these vulnerabilities.

Windows users are highly recommended to install the latest important Windows Updates and reboot. Apple users are advised to do the same as the latest updates patch this issue on all Apple devices.

We will advise individually about updating your network equipment as patches become available. For more information please read on below.


Current status of patches for various common systems are as follows:

– Apple says they have already patched iOS, macOS. Be sure your devices are running the latest updates

– Google claims they are aware of the issue and are patching devices in the coming weeks. Meanwhile 41% of Android phones are vulnerable. We suggest disabling wireless temporarily on your Android phone until the November update.

– Intel has released driver updates and plans to release firmware updates later this year (November).

– Linux distributions have patches available now via APT and RPM.

– Microsoft has released a patch (KB4041681) that was included in the Windows Updates released October 10th, 2017. To verify it is installed you may check your Windows Update history.

– Netgear has released updates for many of their routers.

– Ubiquiti Unifi has released updates as of today.

 

Posted in cybersecurity.