Wi-Fi Security Compromise:

Researchers have detected a vulnerability through which Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key re-use, resulting in key re-installation by a wireless access point (AP) or client.

An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.
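From the defender's side, nonce re-use shows up in a capture as a packet number (PN) that stops increasing for a given sender. The sketch below is an added example, not code from the researchers or from any vendor; it assumes CCMP is the data confidentiality protocol and that the transmitter address, TID, retry flag and 8-byte CCMP header have already been extracted from a monitor-mode capture. The function names and sample frames are hypothetical, and because a legitimate rekey also restarts the PN, the input is assumed to cover a single pairwise-key lifetime.

```python
from collections import namedtuple

Alert = namedtuple("Alert", "index transmitter pn highest_seen")

def ccmp_pn(header):
    """Return (packet_number, key_id) from the 8-byte CCMP header."""
    if len(header) < 8 or not header[3] & 0x20:   # ExtIV bit is always set for CCMP
        raise ValueError("not a CCMP header")
    # Layout: PN0 PN1 rsvd keyid-octet PN2 PN3 PN4 PN5 (PN0 least significant)
    pn = int.from_bytes(header[0:2] + header[4:8], "little")
    return pn, header[3] >> 6

def find_pn_reuse(frames):
    """frames: (transmitter, tid, retry, ccmp_header) tuples in capture order.
    Assumes all frames fall within one pairwise-key lifetime."""
    highest, alerts = {}, []
    for index, (ta, tid, retry, header) in enumerate(frames):
        pn, key_id = ccmp_pn(header)
        stream = (ta.lower(), tid, key_id)   # the CCMP nonce covers sender, priority, PN
        last = highest.get(stream)
        if last is None or pn > last:
            highest[stream] = pn
        elif retry and pn == last:
            continue                         # link-layer retransmission of the same frame
        else:
            alerts.append(Alert(index, ta, pn, last))
    return alerts

def make_header(pn, key_id=0):
    """Build a CCMP header for the constructed sample below."""
    b = pn.to_bytes(6, "little")
    return bytes([b[0], b[1], 0, 0x20 | (key_id << 6)]) + b[2:6]

# Constructed sample: the client's counter restarts at 1 after reaching 3.
CLIENT, AP = "02:00:00:00:00:01", "02:00:00:00:00:02"
SAMPLE = [
    (CLIENT, 0, False, make_header(1)),
    (CLIENT, 0, False, make_header(2)),
    (AP,     0, False, make_header(10)),
    (CLIENT, 0, False, make_header(3)),
    (CLIENT, 0, True,  make_header(3)),   # retry, not reuse
    (CLIENT, 0, False, make_header(1)),   # PN went backwards
    (CLIENT, 0, False, make_header(2)),
    (AP,     0, False, make_header(11)),
]

if __name__ == "__main__":
    for alert in find_pn_reuse(SAMPLE):
        print(alert)
```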

Because WPA2 is the protocol that secures all modern protected Wi-Fi networks, laptops, desktops, phones, and other devices that support Wi-Fi are likely affected. Major developers, including Microsoft® and Google®, have stated they will be releasing patches soon.

Actions to Take:

The number and type of devices connecting via Wi-Fi continue to grow. Understand what devices are present in your network, and be prepared to patch them as fixes become available. As a best practice, it is critical that you have a proactive patching program in place.

Resources:

US-CERT: http://bit.ly/2igttsr

US-CERT Vendor Info: http://bit.ly/2wZnbQ9

Wi-Fi Alliance Security Page: http://bit.ly/2zsvZzF

KRACK Attacks Research Page: https://www.krackattacks.com/

About Eric S. Harless

Eric is a Senior Sales Enablement Manager / Senior Product Manager for the SolarWinds Backup product and is focused on customer experience, product usability, reliability, and scalability.