KRACK attacks WPA2 Wi-Fi Security

Oct - 16 2017 | By

Mathy Vanhoef of imec-DistriNet has found an issue with the nonce (arbitrary number to only be used once) repeat that will allow AES encryption to be able to be bypassed to see the network traffic.  If TKIP or GCMP encryption are used it is possible to inject traffic into wireless network as well as view it.  The client – Windows PC, Mac, iPhone, iPad, Android, Chromebook or Linux device is the one at risk, make sure you have all of the necessary updates to protect your wireless traffic.  Network vendors in some cases are also vulnerable and are providing updates to protect from this 4 way handshake attack.

If you have a wireless client of any kind you need to make sure you get the updates for your device.

To see all of the details of the issue along with a demo:

Apple iOS devices and macOS
Beta versions of iOS and macOS have the fix for the KRACK vulnerability, the release for everyone will come in the next few weeks from Apple.  Apple released iOS 11.1 and macOS 11.13.1 along with security updates for macOS 10.12 and 10.11 on October 31, 2017.

Google Chrome and Android
Google is aware of the issue and will be working to provide an update in the coming weeks.
November updates for Pixel and Nexus devices contain fix for KRACK – November 6, 2017
Chromebook version 62 has the fix to KRACK – October 31, 2017

Microsoft Windows
Computers that have installed the October 2017 Security update for Windows are secured from this KRACK vulnerability.




Netgear Devices affected and fixes

Ubiquiti Unifi

Other devices and hardware that have released updates will be posted here

Michael Spice can help you make sure you are safe from this wireless network vulnerability.