Wi-Fi security vulnerability

Wi-Fi security vulnerability

16th October 2017

Wi-Fi security flaw puts devices at risk of hacks. That’s the dramatic headline on a news story on the BBC web site and the issue has been widely covered elsewhere.

If you’re worried, do get in touch. If there is a potential risk with your configuration, a software update can quickly fix it. In summary, upgrading your ArubaOS software is recommended to fully mitigate all vulnerabilities.

The issue itself is fairly technical. A researcher has published a paper documenting fairly widespread vulnerabilities in various implementations of WPA2. The vulnerabilities are related to different key handshakes, used between the Wi-Fi supplicant (client) and the AP (authenticator) to derive and install encryption keys. Different implementations respond in different ways when keying handshake messages are retransmitted – some of these responses did not anticipate that the retransmission may be due to an attacker’s action rather than simple packet loss. Because these vulnerabilities are related to implementation flaws, they can be fixed through software updates.

How real is the risk? Aruba’s assessment is that this is within the capabilities of a skilled attacker with cryptography and Wi-Fi experience, but it will likely take some time before easy- to-use tools are developed.

The attack does not expose WPA2 authentication credentials such as passwords or pre-shared keys. There is no need to change passwords or re-key a Wi-Fi network in the wake of this vulnerability.

Interestingly, all vendors worked from the same specification documents, which is why the flaw is widespread.

You might also like...

Workflows

Read more >
26th August 2015

Searching in M-Files

Read more >
26th August 2015