Copy of – WPA/WPA2 KRACK SECURITY VULNERABILITY UPDATE & FAQs
Find the latest firmware updates, security patches and alternative product recommendations in response to WPA2 KRACK vulnerabilities.
As a leader in delivering secure, robust wireless connectivity solutions, Lantronix takes security very seriously. Below is an overview of the KRACK vulnerability and Lantronix’s response to this issue.
What has happened
A public announcement was recently made by security researchers who discovered a weakness in the Wi-Fi Protected Access protocol (WPA2) used in all modern Wi-Fi networks. This could result in a malicious attacker exploiting this weakness in unpatched devices to read information that was previously assumed to be safely encrypted. The vulnerability is within the implementation and interpretation of the Wi-Fi IEEE 802.11 standard itself and is therefore not unique to any particular access point or device vendor, which means that any Wi-Fi enabled device is potentially vulnerable to this particular issue.
How WPA2 security works
WPA security consists of both authorization and encryption. The authorization step is used to determine whether a particular client is allowed to access the wireless network, and comes in two flavors, Personal (WPA2-PSK) and Enterprise (WPA2-Enterprise). In Personal mode, a pre-shared key or passphrase is used to provide the key identifying credential. In Enterprise mode, the Extensible Authentication Protocol (EAP) is used to validate the client credentials against an external RADIUS or Active Directory server. In either the WPA2-AES Personal or WPA2-AES Enterprise scenario, once the client’s authorization credentials are validated, a unique set of encryption keys are established between that particular access point and that particular client device, to encrypt the traffic between them. This encryption process is done via a four-way handshake, where particular keys are passed back and forth between the access point and the client device so each can derive the appropriate unique encryption key pair.
A Summary of the KRACK Vulnerability
The security researchers discovered that they could manipulate and replay the third message in the four-way handshake to perform a key reinstallation attack (KRACK). In a KRACK scenario, an attacker must establish a man-in-the-middle position between the client and an AP and also impersonate the MAC address of the legitimate AP and must be on a different channel. This requires them to be within proximity of the Wi-Fi network and cannot execute these steps remotely.
What type of information is exposed?
When used successfully, the attacker can intercept the data traffic between the affected device and the access point. If the traffic from the device is encrypted using an end-to-end encryption protocol such as HTTPS, SSL/TLS or custom encryption packet protocol, an attacker cannot look inside that data traffic.
When used successfully against WPA2 with AES-CCMP (default encryption mode for most Wi-Fi networks), an attacker can decrypt and replay Wi-Fi frame, but cannot forge packets and inject them into the network.
When used against WPA-TKIP – the encryption protocol that already suffers from serious security weaknesses and not recommended for use – an attacker can decrypt, replace and forge Wi-Fi frames.
Please refer to the research paper for more details on the vulnerability and exactly which frames can be decrypted, replayed and (possibly) forged.
Does this mean my passwords or pre-shared keys are exposed?
No. Authentication credentials such as passwords or pre-shared keys are not exposed. There is no need to change passwords or re-key the Wi-Fi network in the wake of this vulnerability.
Does this mean there is a problem with the WPA2 encryption protocol?
No. The vulnerability is within the implementation and interpretation of the standard rather than a weakness in the encryption protocol itself. All vulnerabilities can be mitigated through software updates to affected systems without the need for a change in the protocol?
Is the SoftAP interface on Lantronix products impacted by this vulnerability?
No. The SoftAP interface on Lantronix products is not impacted by this vulnerability.
For more information, please review the documentation below:
Lantronix is currently working on security patches and will issue firmware releases for current products as soon as possible. The table below will be updated as firmware releases become available:
Lantronix Products Affected
|SGX 5150||In Progress (Estimated 11/15/2017)|
|PremierWave 2050||In Progress (Estimated 11/15/2017)|
|PremierWave EN||In Progress (Estimated 11/15/2017)|
|PremierWave XN||In Progress (Estimated 11/15/2017)|
|MatchPort b/g||In Progress|
|MatchPort b/g Pro||In Progress|
Who should I talk to if I have a question about this issue?
Lantronix is committed to helping our customers navigate this issue. If you do have a question, please contact your local Lantronix sales person or you can send your question to firstname.lastname@example.org.
Where can I learn more about KRACK?
For the latest information on the KRACK and other common vulnerabilities and exposures, go here.