Alert Logic® is actively researching a new vulnerability in the WPA2 encryption protocol used to secure wireless communication connections. The vulnerability has been dubbed “KRACK”, which is a shortened version of Key Reinstallation Attacks, and works against all modern protected Wi-Fi networks.
An attacker within range of a victim can use this new attack method to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. Depending on the network configuration, it is also possible to inject and manipulate data.
Since the weaknesses are in the Wi-Fi standard itself, any correct implementation of WPA2 is likely affected. During initial research, Alert Logic discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC or contact your vendor.
Alert Logic Coverage
Alert Logic is developing vulnerability scan coverage to identify vulnerable Microsoft Windows and Linux clients. Alert Logic Cloud Defender®, Alert Logic Threat Manager™, and Alert Logic Cloud Insight™ will use authenticated scanning to inspect affected assets for missing security-related patches and updates.
Note: An update will be posted in the Updates section of this article when the scanning coverage is available.
Due to the nature of this vulnerability, it is not technically possible to detect via intrusion detection system, web application firewall, or logging.
Recommendations for Mitigation
To prevent the attack, users must update affected products as soon as security updates become available.
We will update this section with new information about this WPA2 vulnerability and related Alert Logic coverage as it becomes available. To be notified of these updates, click the Follow link at the top, right corner of this article page.
Note: You must sign in with your product credentials to follow this article.
10/18/17 - Vulnerability scan coverage is now available to identify vulnerable Microsoft Windows and Linux clients. Both Microsoft and Linux have released security updates to address this vulnerability.