Recent industry research into WPA2 security has revealed vulnerabilities and we would like to provide information on the impact to products from Jade Solutions. The widespread vulnerability can affect practically everyone and everything that uses wifi by allowing hackers to decrypt and potentially look at everything people are doing online.
On Monday 16 October 2017 the US CERT published VU#228519 in response to a research paper from two Belgian security researchers titled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2”, which discussed vulnerabilities within the WPA2 standard itself. This attack has been named KRACK (Key Reinstallation AttACKs) and has its own website, at www.krackattacks.com).
Jade Solutions access points and branch routers are not exposed to this EXCEPT when operating as a wifi client to another access point or operating as a mesh point. Jade Solutions switches do not have integrated wifi and are not affected.
This is NOT a flaw in the WPA2 protocol. It is a flaw in the standards that were too loosely interpreted by the industry as a whole. Patches to address this are backward compatible.
A successful exploitation of KRACK attack requires an attacker to be physically close to the target and the potential weaknesses would not compromise connections to secure websites, such as banking services or online shopping.
There are no known exploits for this in the wild at this time that we are aware of. The targets of the attacks described in the research paper and the web site are all CLIENTs. In the researcher’s own words, “Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming).”
However, there is no need for panic. Jade Solutions is here to help and will be in touch with you shortly to advise you on how we can support you.
Need further help?
If you need help with products, please contact Jade Solutions Technical Support at 01925 295403.
If you would like a visit from us to discuss this, please complete and submit the form below: