This morning, our team was alerted through various channels to a new exploit called KRACK that compromises wireless networks using WPA or WPA2 encryption for securing the network. The issue was first reported by Ars Technica around 7am this morning, and commented that, according to researchers “If your device supports Wi-Fi, it is most likely affected.”
The United States Computer Emergency Readiness Team issued the following warning in response to the exploit:
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.
Our team is now working diligently to patch all affected devices, such as wireless routers and access points, with firmware that will eliminate the vulnerability and secure the networks.
If you have any questions or concerns, please contact our team directly, via the Support Portal.