Dan Munro - Dev-Sec-Ops Engineer   News  Archives  Recommendations

KRACK Attacks

In case you haven’t heard, a critical security flaw has been uncovered in WPA2. The scope of this flaw includes all modern wifi routers, and requires only close proximity to the device in order to carry out the attack.

All devices are affected because the flaw is in the standard itself, and not an individual product or implementation. Specifically, correct implementations of WPA2 are affected by KRACK attacks.

While firmware updates are not yet available, there are scripts to detect susceptibility to the attack here.

Here is another good write up of the attack.

Steps To Take Now

If possible:

Looking Forward

Hopefully this vulnerability will speed the demise of WPA2 in favor of its replacement, WPA3. The WPA3 draft is finalized, however, no routers implement the draft as of this writing.

Written on Aug 10, 2018.