This is a Fast-Air Tech Talk security notice. The Tech Talk security notice is a free service for all Fast-Air customers. Please suggest security notice topics.
Monday a security flaw was announced with the Wi-Fi Protected Access 2 (WPA2) cryptography protocol. WPA2 is a widely used method to provide secure encrypted wireless network connections. The flaw, referred to as KRACK, short for Key Reinstallation AttaCK, is derived in the protocol itself, which affects many implementations, regardless of operating system.
The flaw allows a third party to intercept the WPA2 cryptography key exchanges that establish the encrypted connection. Changing passwords will not protect against the flaw.
Exploiting this flaw requires physical proximity to affected devices. Physical proximity means within reception range of the wireless device. Common examples include coffee shops and other areas where public WPA2 wireless is provided, or small businesses and homes where access is possible from adjacent buildings.
While receiving much press, not all wireless devices are affected. The flaw only affects WPA2 and not Ethernet connections or other secure wireless protocols.
Smart phones connecting to the vendor’s normal network are not affected. Smart phones connecting to a public wireless likely are affected.
When using a WPA2 connection, additional encryption methods such as HTTPS, SSH, TLS, or a VPN will prevent exploiting the flaw.
Many operating systems have already been patched or soon will be. While wireless devices such as routers should be updated by owners, if devices connecting to an affected router are patched then the flaw cannot be exploited.
Users can protect WPA2 connections by ensuring their wireless devices are updated.
- Free Gift Phishing Scams (Notice 2020-001) - January 15, 2020
- Tech Support Phone Scam (Notice 2019-001) - March 14, 2019
- VPNFilter Router Malware (Notice 2018-007) - May 30, 2018