The exploit takes advantage of design or
implementation flaws in Wi-Fi Protected Access II (WPA2) cryptographic
protocols to reinstall a key that’s already in use, allowing attackers to
eavesdrop on some or all data transmitted or received over a Wi-Fi connection.
If your network is not patched against this vulnerability, hackers have
basically got the keys to your kingdom.
What you need to know:
With the exception of certain
military-grade specialty devices, all Wi-Fi capable devices are affected. The
severity of the impact varies, depending on your operating system,
confidentiality protocol, and the handshake type used by your network. Some
configurations allow the attacker to replay and decrypt some traffic. Other
configurations permit the attacker to replay and decrypt all traffic, and to
inject arbitrary packets.
What can you do?
The National Security Agency has
published a list of five recommended mitigations.
- Install patches to both the clients and Access Systems as soon as they are made available. Relevant CVEs: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, and CVE-2017-13088.
- Disable Fast BSS Transition on Access Systems until patches are available to prevent the FT handshake attack.
- Temporarily use only AES-CCMP until patches are available.
- Install an underlying virtual private network until patches are available.
- Do not use modes requiring generation of a Peerkey.
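
As an added example (not from the original post or the NSA guidance), this script checks an access point configuration against the Fast BSS Transition, AES-CCMP-only and PeerKey mitigations above. It assumes the access point runs hostapd and uses its `wpa`, `wpa_key_mgmt`, `wpa_pairwise`, `rsn_pairwise` and (in older releases) `peerkey` settings; the sample configuration is constructed.

```python
# Constructed sample hostapd.conf for illustration (not from the original post).
SAMPLE_CONF = """\
interface=wlan0
ssid=example-net
wpa=2
wpa_key_mgmt=WPA-PSK FT-PSK
wpa_pairwise=TKIP CCMP
# rsn_pairwise is unset, so WPA2 inherits wpa_pairwise
peerkey=1
"""

def parse_conf(text):
    """Return {key: value} from key=value lines, skipping comments and blanks."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def effective_ciphers(conf):
    """Pairwise ciphers actually offered for each enabled WPA version."""
    wpa = int(conf.get("wpa", "0"))                          # bit 0: WPA, bit 1: WPA2
    wpa1 = conf.get("wpa_pairwise", "TKIP").split()          # hostapd default: TKIP
    rsn = conf.get("rsn_pairwise", " ".join(wpa1)).split()   # default: wpa_pairwise
    offered = {}
    if wpa & 1:
        offered["WPA"] = wpa1
    if wpa & 2:
        offered["WPA2"] = rsn
    return offered

def audit(text):
    """Return a list of findings; an empty list means all three checks pass."""
    conf = parse_conf(text)
    findings = []
    # Fast BSS Transition is enabled by any FT-* key management suite.
    ft = [s for s in conf.get("wpa_key_mgmt", "WPA-PSK").split() if s.startswith("FT-")]
    if ft:
        findings.append("FT enabled: " + " ".join(ft))
    # AES-CCMP only: report every other pairwise cipher that is offered.
    for version, ciphers in effective_ciphers(conf).items():
        extra = [c for c in ciphers if c != "CCMP"]
        if extra:
            findings.append(f"{version} offers non-CCMP cipher: " + " ".join(extra))
    if conf.get("peerkey", "0") == "1":
        findings.append("PeerKey enabled")
    return findings
```

Calling `audit(SAMPLE_CONF)` reports all three issues, including TKIP that WPA2 only inherits because `rsn_pairwise` is missing.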
We'll provide more updates as they
become available.